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WIND RIVER DUMPS SUN JVM 

Invests in Insignia Solutions, adopts Jeode 



BY EDWARD J. CORREIA 

I n a dramatic turnabout, embed- 
ded systems developer Wind 
River Systems Inc. has an- 
nounced that it will standardize 
on I nsignia Solutions I nc.'sj eode 
JVM , turning its back on the Sun 
Microsystems Inc. JVM that it 
has been using since 1995. 

According to Joerg Bert- 
holdt, director of marketing for 
Wind River's Applications Plat- 
forms Group, the move to 
adopt Jeode was prompted 
largely by customer demands 
for better Java performance. 
"Based on some of the licensing 
agreements with Sun, there was 
no way to improve the technol- 
ogy," he said, speaking of the 
time before the Java Commun- 
ity Process (JCP) was estab- 



lished. "But with the introduc- 
tion of theJCP 2.0, there is sep- 
aration between specification 
and implementation." 

Wind River has taken advan- 
tage of the new JCP guidelines 
to improve Java performance in 
its Personal J Works 3.1 devel- 
opment kit by adding its new 
J Works graphics stack, released 
in M arch. J Works is an acceler- 
ated AWT, or abstract windows 
toolkit, useful for Java GUI 
development. According to 
Bertholdt, the software repre- 
sented a strategic shift for 
Wind River (www.windriver 
.com). "In the past, you could 
have thought of Wind River as 
a porting house for Sun tech- 
nology." While it is undecided 

► continued on page 28 



OMG Declares 
Independence 

From Platforms 

Previews application architecture 
for modeling first, mapping later 



BY DAVID RUBINSTEIN 

Saying corporate ClOs will 
need a software architecture to 
connect what already has been 
built with what will be built in 
the future, the Object M anage- 
ment Group Inc. last month 
announced its membership has 
voted to accept the M odel- 
D riven Architecture as the basis 
for future OMG standards. 




Applications are modeled in UML and targeted 
to platforms based on industry standards. 



Although the first products 
supporting MDA are not ex- 
pected to be available until the 
end of the year, OMG sees a 
need for flexibility to be built 
right into the application com- 
ponents to allow enterprises to 
take advantage of changes as 
they happen. This is done, the 
group believes, by designing 
the system to minimize the 
impact of future plat- 
form changes. 

"This gives [enter- 
prises] the ability to sup- 
port the next 'best 
thing,'" said OMG chair- 
man Richard Soley. 
"M DA is a new way to 
specify systems. This is 
not just a new middle- 
ware platform. We're 
extending our purview 
to focus on heterogene- 
ity at another level." 
David Frankel, chief 

► continued on page 44 



BEA Enters Into Web Services 

ebXML, RosettaNet supported along with SOAR UDDI 



BY DOUGLAS FINLAY 

BEA Systems Inc. reiterated its 
support for Web-service stan- 
dards such as SOAP, UDDI, 
XML and W SDL at its F ebruary 
eWorld customer conference, 
but in a twist added support for 
the new Business Transaction 
Protocol (BTP) from the Orga- 
nization for the Advancement of 
Structured Information Stan- 
dards, and for ebXM L and 
RosettaNet standards. In addi- 
tion, BEA announced upgrades 
to its Tuxedo and WebLogic 
E nterprise servers. 

"We've been recognizing 



Web services standards for 
months through the release of 
products such as WebLogic 
Server 6.0 that support SOAP," 
said John Kiger, BEA's director 
of product management. 
But he said the reason 
for adding BTP, ebXML 
and RosettaNet support 
to its future products— 
along with SOAP, UDDI 
and XM L — was to sepa- 
rate it from the small but 
growing pack of compa- 
nies that have rallied 
around only basic foun- 
dation technologies such 
as SOAP. 

"SOAP and UDDI 
are just not sufficiently rich 
enough to support business 
transactions and relationships 
that will be typical of Web ser- 
vices in the future," Kiger con- 
tinued. "Web services are 
more than the simple request/ 




Adding business 
process state- 
ments separates 
BEA from the 
pack, says Kiger. 



response paradigm that SOAP 
represents," he said. 

He said future business-to- 
business transactions utilizing 
Web-service technologies will 
require collaboration 
tools, as well as tools that 
define what transactions 
are and what is being 
transacted, in addition to 
defining security issues 
for access to documen- 
tation, "things they will 
need to do to integrate 
supply-chain data and 
applications." 

Unlike Oracle Corp. 
and Sun M icrosystems 
Inc., which both an- 
nounced in recent weeks their 
support for Web-service stan- 
dards, BEA (www.bea.com) had 
remained low-key with such 
announcements, Kiger said, 
until it could pair them with new 
product releases for customers. 



Indeed, in March, BEA 
shipped its WebLogic Collabo- 
rate for RosettaN et that provides 
tools for building RosettaNet 
Partner Interface Processes, 
offering baseline rules and stan- 
dard messaging formats for trad- 
ing partner interaction. The new 
Collaborate also features BTP, 
an XM L protocol that supports 
real-time collaborative com- 
merce by managing message ex- 
changes as long-running, loosely 
coupled conversations among 
trading partners. OASIS mem- 
bers BEA, Bowstreet, Inter- 
woven I nc. and Sun make up the 
OASIS Technical Committee 
now studying the long-term effi- 
cacy of BTP as a business trans- 
action management protocol. 

Also at eWorld, BEA an- 
nounced its Tuxedo Transaction 
Application Server version 8.0, 
and the WebLogic Enterprise 
6.0 upgrades. "Tuxedo 8.0 
rounds out the entire application 
development platform by adding 
CORBA to the C, C++ and 
COBOL environments for appli- 
cation development," Kiger said. 

► continued on page 44 




Mac OS X 



An Overview for Developers 



* 



With Mac OS X, Apple asserts its 

leadership In the advanced tech no lo- 
gics end design sensibilities that ere 
the ha 1 1 marks of any great operating 
system. 
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SpeeDev Manages Projects, Helps Avoid Chaos 

Peer-to-peer browser solution soon to be available as ASP 




BY EDWARD J. CORREIA 

If you believe Friedrich Engels 
and Karl M arx, chaos is part of 
the natural order of things. 
Bucking that trend is SpeeDev 
I nc, maker of SpeeD ev ; a new 
Web-based software project 
management system that seeks 
to impose process on the chaos, 
and thereby make collaboration 
more effective. 

The browser-based SpeeDev 
is composed of four 
major components de- 
signed to track the re- 
quirements, issues, tasks 
and processes associated 
with a software develop- 
ment project. 

According to Sky Basu, SpeeDev allows 
SpeeD evS founder and managers to 
CEO, the main objective focus on man- 
is not only to provide agement, 
order, but to help project says Basu. 
managers actually man- 
age. "We are trying to relieve the 
project manager's workload. 
Typically everything in a project 
goes through the project manag- 
er. H e creates and assigns all the 
tasks, and every day his basic 
work becomes not actually doing 
the project, but creating the 
tasks. With SpeeDev, tasks are 
generated and assigned collabo- 
ratively and go through different 
stages during the project," he 
said, including the requirements, 
development and testing 



stages. "And SpeeDev allows a 
project manager to define rules 
for the whole process using a 
work flow. The manager can sit 
back and relax and watch how 
things are happening." 

Another advantage of the sys- 
tem, claims Basu, is its distrib- 
uted processing capabilities. "In 
the good old days, everything 
was done in a 50-foot radius and 
problems were solved around 
the water cooler. Now 
everything is across conti- 
nents, and you need a 
tool that you can access 
from anywhere anytime. 
All our functions are 
through the browser, and 
every date and time is 
converted automatically 
to local zones." This fea- 
ture, Basu said, prevents 
the chaos associated with 
receiving assignments 
the future or that are 
already past due. 

For development teams not 
using some sort of process 
automation, Basu said the 
results are often unproductive. 
"The alternative is to write 
huge dusty manuals and ask 
everyone to memorize and fol- 
low them." These scenarios, he 
said, turn project managers into 
process police. "With SpeeDev, 
there is no manual to memo- 
rize, and everybody is integrat- 



ed in terms of rules and roles." 
SpeeD ev is available now for 
enterprise servers running 
Windows NT/2000, SQL Server 
and I IS for $1,000 per user. The 
addition of Seagate Crystal Re- 
ports also is required. The com- 
pany (www.speedev.com) also 
offers a hosting service for an 
additional $5,000 per host 
CPU. An ASP service, sched- 
uled for launch at next week's 
SD 2001 West Conference in 
San Jose, Calif., will cost $160 
per user per month. I 




Browser-based tool tracks project tasks, adjusts to local time zones. 
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Assembling Applications Piece by Piece 

WebGain, ComponentSource deal pushes component development 



BY DAVID RUBINSTEIN 

A recent agreement between 
WebGain Inc. and Component- 
Source is expected to result in 
an easier entry point to enter- 
prise Java component-based 
development, according to 
executives for both companies. 
WebGain has agreed to inte- 
grate ComponentSource's Com- 
ponentF ind service into its forth- 
coming Application Composer 
visual assembly tool, which is the 
latest implementation of the 
Spin technology WebGain re- 
ceived when it acquired Zat I nc. 
last summer, according to Web- 
Gain CEO Joe Menard. The 



integration with Application 
Composer, which is due out 
soon, will allow searches for "off- 
the-shelf" components directly 
from the assembly tool through- 
out the application development 
process, accelerating time-to- 
market for the applications and 
providing ComponentSource 
with a potentially larger number 
of component authors. 

"This will allow WebGain 
users to actually find compo- 
nents, and evaluate them, in 
the context of their environ- 
ment," said ComponentSource 
CEO Sam Patterson, who 
added that some Component- 



PARASOFT'S INSURE » 6.0 CHAPERONS DEVELOPERS 



BY DOUGLAS FINLAY 

Developers weary of putting in 
days or even weeks to check for 
errors in code line by line at the 
source level will get some relief 
with ParaSoft Corp.'s I nsure ++ 
release 6.0, which includes the 
new Chaperon debugging tool 
to enable developers to find 
bugs by examining the exe- 
cutable compiled version of an 
application, rather than study- 
ing its source code. 

"Reading the code at the 
source level is time-consuming 
to developers because it has to 
go through the process of recom- 
pilation and instrumenting," said 
Adam Kolawa, ParaSoft's (www 
.parasoft.com) president. In- 
stead, he said lnsure++ 6.0 
checks the executable version of 
the code, and determines what 
the application will want to do at 
runtime. H e said that while test- 
ing the executable may not be as 
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lnsure++ 6.0 with Chaperon will be available in Linux and Windows versions. 



accurate as examining the source 
code, "developers can use it very 
often to check for errors." 

Once memory-reference er- 
rors, memory leaks, memory 
corruption and third-party li- 



brary errors have been detected 
by Chaperon, the errors are 
handed off to the I nsure++ pro- 
gram, where a source-code in- 
strumentation technique de- 
termines the intent of each line 



Screens check executable code for 
memory leaks and library errors. 

of code before it runs and the 
result after it runs, letting devel- 
opers make changes in code 
when differences between intent 
and actual result are detected. 

A Windows version of 
Insure-H- 6.0 with Chaperon 
and source-code instrumen- 
tation will be available this 
month for $1,595 per single- 
user license. A Linux version is 
expected to be available in 
June, and will be priced at 
$2,495 per single-user license. I 



Find content is being tailored 
specifically for WebGain devel- 
opers to create components for 
the open market. "And of 
course, it gives us a [sales] 
channel direct to the desktop." 

"For [Application Composer] 
to be successful, it needed com- 
ponents," Menard said. "We 
partnered with Component- 
Source because they have the 
largest number of components." 
Menard did say that WebGain 
will be working with other com- 
ponent vendors "down the line." 
Application Composer will be 
designed to work with Web- 
Gain's Studio development envi- 
ronment but is a stand-alone 
product, M enard said. 

While Patterson acknowl- 
edged that other component 
vendors have similar product 
integrations and marketing 
arrangements in place, he said 
ComponentSource's repository 
includes more than 5,400 com- 
ponents, which he said is "a mag- 
nitude of 10 larger" than other 
vendors and the key to being 
successful. Patterson said Com- 
ponentSource adds about 40 
components per week to its Web 
site (www.componentsource 
.com), and that the average price 
of a component is $1,900. 

Another benefit of the 
arrangement, Patterson said, is 
the furthering of component- 
based development in IT 
departments. "A component- 
based approach takes pressure 
off developers. It says, 'How 
do I get from point A to point 
B faster than my competitors 
and save money?' You can bet- 
ter plan your resources under 
this approach." I 
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IETF, W3C Embrace XXXML 

Standards bodies excited about B-to-A schema 



BY I.B. PHOOLEN 

APRIL 1 — In a move 
that surprised no one, 
the Internet Engineering 
Task Force and World 
Wide Web Consortium 
working groups have 
thrown their weight 
behind XXXML, the 
business-to-adult XM L 
metadata schema recent- 
ly proposed by the adult 
entertainment industry 

"We're delighted," 
chirped Buffy Dejour, 
senior spokesmodel for 
the XXXM L Alliance, a nonprof- 
it trade association based in Las 
Vegas. "Many of the IETF and 
W3C committee members pri- 
vately indicated their enthusiastic 
support for our position during 
one-on-one meetings. In fact, 
several of the voting members 
asked for additional private con- 
sultation, and we tried hard to 




XXXML is the ultimate XML schema for facilitating 
effortless B-to-A commerce, says DeJour. 



accommodate their every need." 
Dejour described XXXML 
(pronounced Triple-X ML) as 
the ultimate schema for de- 
scribing the products and ser- 
vices required for robust B-to-A 
commerce. "Sizes, colors, pref- 
erences—they're all part of the 
specification," she said. "We 
made sure to document every 



model, so that there could 
be no confusion. In many 
cases, we even provided 
pictures or home movies." 
According to Dejour, 
the adult entertainment 
industry is at the leading 
edge of electronic com- 
merce. "Look at what's dri- 
ven new technologies, like 
the VCR and the Web: 
adult products! That's 
where the revenues are, 
the demand is, the profits 
are. That's what consumers 
need and what the industry 
demands. And although we sim- 
ply could have released XXXM L 
as a specification from our 
alliance, we'd much prefer to go 
the standards route. That's 
healthier, and more pleasurable, 
for all involved." 

The new specification is 
expected to be formally ratified 
on April 1. 1 



N ew L anguage Targets 
Sub-Average Programmers 

Microsoft's C-- offers basic objects, kindergarten-level syntax 



BY I.B. PHOOLEN 

APRIL 1 — Trying to bridge 
the gap between its Visual 
Basic for Applications and C# 
programming languages, Mi- 
crosoft Corp. has unveiled the 
latest member of its Visual 
Studio.NET family: C-, a C- 
like language written for sub- 
par corporate developers. 

"During the past three or 
four years, many businesses 
have been forced to hire sec- 
ond-rate programmers," said 
Jasper "mad cow" Holstein, 
Microsoft's junior product 
manager for C- (pronounced 
C minus minus). "We've 
known for a long time that 
those sub-par developers can't 
hack real object-oriented pro- 
gramming languages like C++. 
We tried creating an easier 
language for them to use, C#, 
which isjust like J ava only bet- 
ter. But frankly, a lot of those 
old COBOL and RPG pro- 
grammers just don't get it. 
Thus, Visual C-." 

U n veiled by M icrosoft chief 
software architect Bill Gates 
during February's magnitude 
6.8 earthquake in Seattle, C- is 



poised to rock the world for 
millions of inept programmers 
across the globe, said H olstein. 
"Ask yourself these simple 
questions: Can you use a 
mouse? Can you connect lines 
to circles? Can you find the 
semicolon on your keyboard? If 
you answered yes to at least 
two of these, then you can pro- 
gram in C-. N ot very well, but 
if you were any good, you'd be 
using C#. Right?" 

According to technical doc- 
umentation provided on 
Microsoft's Web site, C- 
offers developmentally chal- 
lenged programmers several 
benefits over C# or Visual 
Basic: simplicity, in that the 
only punctuation mark used is 
the semicolon and the IDE 
accepts only upper-case let- 
ters; fiscally responsible object 
orientation without an inheri- 
tance tax; type safety, in that 
the integrated development 
environment includes a spell 
checker; scalability, in that 
programmers can run their 
software on either notebook or 
desktop PCs; and full version 
control, because C- programs 



run only on the latest version 
of Windows. 

"The goal is to balance pro- 
ductivity and simplicity," said 
Holstein. "Since corporations 
realize that their bottom-tier 
coders aren't very productive 
anyway, C-- will help them do 
simple things. In our bench- 
marks, trained C- programmers 
can create a 'H ello, World' pro- 
gram with only 150 lines of code, 
and can have it running in less 
than an hour. Those same pro- 
grammers took nearly three days 
to perform that same task using 
C#, and most never got the C ++ 
version of 'H ello, World' working 
even after a couple of weeks." 

M icrosoft will be releasing 
the beta of Visual C--.NET on 
April 1, according to H olstein. 

Sun M icrosystems I nc. chair- 
man Scott M cN ealy, after 
watching the C-- introduction on 
CNN, hinted that his company 
had also been developing a 
watered-down programming lan- 
guage, code-named "AuLait," 
and that it and the J2WE 
(Java 2 Weak Edition) should be 
ready for public consumption by 
the J avaO ne conference. I 
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COMPANIES 



BMC Software Inc. and Business Layers will integrate BMC Soft- 
ware's Control-SA security management software with Business Lay- 
ers' eProvision Day One application, which connects employees and 
business partners with e-mail, files, applications and other tools. Inte- 
gration of both products will enable users to enforce secure employee 
access to business records by following proper access rights policies 
. . . Empirix Inc. and Gomez Inc. will jointly market a real-time Web- 
site monitoring service that combines Empirix's 
e-Test Web applications testing tool with ^^ •'" 

Gomez's Performance Network, a distributed f *J-»« ■ « 
monitoring infrastructure. With the service, developers will be able to 
recognize, isolate and resolve Web performance issues . . . Software 
AG Inc. and InfoSweep Consulting, a division of Planet Sweep Inc., 
will offer an XML product line that combines Software AG's Tamino 
native XML database server with InfoSweep's development and inte- 
gration consulting services. Software AG will also have access to Info- 
Sweep's customer base . . . Intercomp Software Inc. claims that its 
partnership with The A Consulting Team Inc. (TACT) will reduce Java 
training costs for COBOL programmers by more than 60 percent, by 
using Intercomp's WebIT tool to transform the presentation layer of a 
mainframe to a graphical user interface in Java and HTML . . . 
ActiveState Corp. has thrown its support behind the scripting lan- 
guage Tel, by providing consulting and development tools. It will also 
host a Tel community Web site . . . Wind River Systems Inc. is 
announcing changes to its Wind River Certification and Testing pro- 
grams for embedded developers. Information about the changes can 
be gathered from www.windriver.com/corporate/html/ct-reg.html . . . 
Rational Software Corp.'s Rational Unified Partner Program has 
released the Rational Unified Process guidelines to members . . . Ver- 
tical Sky Inc., a wholly owned subsidiary of Mortice Kern Systems 
Inc., will work with Documentum Inc. to integrate Vertical Sky's Evo- 
lution Management change and process management software with 
Documentum's 4i e-business platform to offer Documentum cus- 
tomers access to software-version control, simultaneous support and 
management of multiple development paths, integration of software 
development environments and flexible support of Web-based work- 
flow engines for developers. The plan falls under Documentum's Open 
Source Code Integration (OSCI) project . . . Gravitate Inc., a supplier 
of enabling technologies and applications for wireless services, and 
Informix Software announced a development, licensing and marketing 
agreement. As a result, Gravitate will offer a new, integrated database 
management product coupled with the spatially enabled Informix 
Dynamic Server. The combined solution will solve the problem of mov- 
ing point data and will give customers the ability to manage geospatial 
information on wireless mobile users referenced by latitude-longitude 
coordinates. 



PRODUCTS 



Compoze Software Inc.'s Harmony Component Suite version 1.2 

extends components and support for BEA Systems Inc.'s WebLogic 
Server 6.0. In addition, it includes group scheduling and task manage- 
ment, both of which support the iCalendar specification for interoper- 
ability . . . Infragistics Inc.'s JSuite 5.0, for use in AWT Java develop- 
ment environments or as JavaBeans, and JFCSuite 5.0, for use in 
Swing Java development environments, 
add a feature-rich presentation layer to 
their applications. Updates to the JFC- 
Suite JFCDataTable are also included; and 
JSuite components, including the new 
DataExplorerJ, can now be implemented 
into Web applications without writing code. Both JSuite 5.0 and JFC- 
Suite 5.0 cost $995. In addition, PowerChart version 2.0 for JSuite 
and JFCSuite, which can be sold separately, features sophisticated 
chart types such as bubble and scatter, and advanced features such as 
automatic congestion control. PowerChart sells for $695 . . . N-Ary 
Ltd. has relaunched its tagFusion product as tagServlet, a J2EE appli- 
cation that renders Web pages originally designed for Allaire Corp.'s 
ColdFusion application server. tagServlet sup- 
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SilverStream Focuses on Integration 



BY DAVID RUBINSTEIN 

L ooking to expand its position in 
the business integration market, 
SilverStream Software Inc. last 
month announced an upgrade to 
itsxCommerce integration serv- 
er and acquired technology that 



will help its reach extend into 
wireless and Web analysis and 
optimization tools. 

"xCommerce is a piece of 
our product line that we view 
above the application server, as 
part of an integrated applica- 



tion environment," said Silver- 
Stream CTO Amy E pstein. "I t's 
the servers and tools and appli- 
cation metaphor for getting 
applications built." 

xCommerce 2.5 interfaces 
with the Web through Java 



servlets and EJ Bs, E pstein said, 
while linking down to a compa- 
ny's back-end systems. This 
provides the capability for cre- 
ating Web services that tie 
together mainframe applica- 
tions for deployment on Silver- 
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Stream's application server, as 
well as BEA's WebLogic and 
IBM's WebSphere application 
servers, he added. xCommerce 
is based on a J 2E E framework 
that installs directly into these 
application servers and runs 
natively, he said. 

"Web services is a coming 
technology that will be an 
important new architecture," 
Epstein said. "We are clearly 
going to enable that architec- 
ture in the near future. We're 
working on the best way to 
deliver that, and we're poised to 
address it with xCommerce." 

SilverStream's vice president 
and general manager of e-busi- 
ness integration products, Fred 
H olahan, said that for now, Web 
services "make for great slide- 
ware. In terms of the adoption 
rate of those things, there's inter- 
est and experimentation and a 
lot of learning and figuring out. A 
level of comfort needs to be 
gained with this model for build- 
ing these Web services." 

H olahan said businesses will 
have to decide how much of 
what resides behind their fire- 
walls should be exposed as Web 
services, and what the competi- 
tive advantages are. "There's a 
lot here to digest and assimilate 
into IT thought processes," he 
said. From a tools perspective, 
H olahan added, SilverStream 
believes application develop- 
ment is moving into "a balanced 
world" of new component 
construction and application 
assembly from those compo- 
nents. "We're all getting com- 
fortable with the idea of assem- 
bly of things that already exist 
rather than creating things over 
and over," he said. 

xCommerce features design- 
er and server deployment com- 
ponents, along with enablers 
for Java Message Service and 
HTML. It is certified for the 
above-mentioned application 
servers running on Solaris and 
Windows NT, with support for 
AIX and H P-UX expected in the 
near future. The base price is 
$35,000 per server CPU and 
includes an embedded copy of 
SilverStream's application server. 

E -business integration is but 
onewayJ2EE application serv- 
er vendors are looking to differ- 
entiate themselves in a crowded 
marketplace. Last month, lona 
Technologies Inc. announced a 
similar initiative. 

In other technology devel- 
opments, SilverStream (www. 
silverstream.com) has acquired 
the wireless application software 

► continued on page 15 
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Microsoft Provides XML Access to OLAP Cubes 



BY DOUGLAS FINLAY 

Microsoft Corp.'s XML for 
Analysis specification not only 
extends its OLE DB for online 
analytical processes (OLAP) 
and OLE DB for Data Mining 
protocols beyond COM objects 
to enable access from the Web, 
it also permits Java developers 
to access critical business data 
from OLAP cubes built by 
SQL Server. 

"There's a trend in which 
companies are looking for infor- 

HP Bluestone 
Enhances 
Java Servers 

BY DOUGLAS FINLAY 
AND ALAN ZEICHICK 

Hewlett-Packard Co.'s Blue- 
stone subsidiary (www.bluestone 
.com) has released enhance- 
ments to its Total-e-Server 
J2EE-based application server 
and Total-e-Transactions, and 
has launched a new specialized 
server, Total-e-Syndication. 

The biggest change for the 
new 7.3 version of Total-e- 
Server, according to the com- 
pany, is that the server has 
passed Sun's J 2EE compatibili- 
ty test and now supports Sun's 
Java Development Kit (JDK) 
1.3. The app server also now 
offers a Web- based administra- 
tive interface to H P Bluestone's 
Applications Manager. 

In addition, HP has imple- 
mented Sun's Connectors speci- 
fication for this release, accord- 
ing to spokesperson Sherri 
Stuart. The new Total -e-Server 
distribution also includes a five- 
connection version of Progress 
Software Inc.'s SonicMQ JMS 
server, and the app server now 
supports Sun's J ava F orte devel- 
opment environment, Macro- 
media's D reamWeaver U ItraD ev 
and the Jakarta Struts model/ 
view/controller specification. 

Further, the company has 
upgraded its Java Transaction 
Service-compliant transaction 
server, Total-e-Transactions, to 
version 2.1, to add support for 
Portable Object Adapter (POA)- 
based object request brokers, 
such as I ona's rbix2000, as wel I 
as continuing support for Basic 
Object Adapter (BOA)-based 
ORBs. H P also added a module 
called Transactional Queue for 
Java, which the company de- 

► continued on page 14 



mation to be more competitive 
within a global environment," 
said John Eng, lead product 
manager for Microsoft's SQL 
Server. He described XML for 
Analysis as the next version of 
both its OLE DB for OLAP and 



OLE DB for Data Mining proto- 
cols, which provide access from 
several incompatible servers. 

Previously, M icrosoft allowed 
only COM objects to access SQL 
Server for analytical information, 
but that requirement has been 



considered a barrier to access to 
many other platforms and lan- 
guages, such as Java. But Tom 
Conlon, Microsoft's program 
manager of SQL Server business 
intelligence, said, "XML for 
Analysis can rely on XM L, SOAP 



and HTTP protocols to access 
data from the servers." 

The final XML for Analysis 
specification is available at 
www.microsoft.com/data and 
comes with an SD K and tools to 
develop applications using the 
specification. According to E ng, 
Microsoft intends to submit 
XML for Analysis to the W3C.I 
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A Model of Organization 

CA rolls four upgraded modeling tools into ERwin suite 



BY DAVID RUBINSTEIN 

By taking four of its modeling 
tools, enhancing them with new 
features and integrating them, 
Computer Associates Interna- 



tional I nc. has created what it is 
calling the only complete mod- 
eling portfolio in the market- 
place, the ERwin Modeling 
Suite version 4.0. 



"We're showing the market- 
place we're going to drive lead- 
ership in the space," said CA's 
Gregory Clancy, brand manager 
for application life-cycle man- 



agement. "It's about e-business 
development management, how 
organizations work." 

The four elements that make 
up the Windows-based suite, all 
version 4.0, are the E Rwin data 
modeling tool; the BPwin busi- 
ness process modeling tool; the 
Paradigm Plus component and 
object modeling tool; and 
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ERwin Examiner, which helps 
define and verify the quality of a 
data model, Clancy said. The 
enhancements to these tools, 
which Clancy said were signifi- 
cant, give organizations the 
capability to develop applica- 
tions of higher quality more 
quickly, he said, due to the dis- 
cipline that modeling brings to 
any project. They also help busi- 
nesses look at key issues such 
as productivity, allowing for 
processes to be designed in such 
a way as to take the most advan- 
tage of its resources. 

"Businesses can use the 
process modeling tools, and 
then make assumptions about 
how they want their IT depart- 
ments to align with the business 
model," Clancy said. "Now you 
can do it all in one suite. If 
you're an organization looking 
to buy a data modeling tool, 
how does it map with your busi- 
ness processes?" 

Among the new features in 
E Rwin are a glossary for the cre- 
ation of standardized names, 
definition of how the names will 
be implemented in the models, 
and a glossary checker to validate 
names based on the glossary 
entries. Also, ERwin includes a 
Datatype M apping Facility plat- 
form for transforming data 
requirements into physical de- 
signs. Further, ERwin 4.0 will 
introduce a M odel Explorer for 
managing large, complex models 
through the use of a catalog of all 
objects in the model organized 
into a model view, subject area 
view and a domain view. G raphi- 
cal tools for arranging models 
also are now included. 

BPwin features such en- 
hancements as support for 
Swim Lane process diagrams, 
support for organization charts, 
the ability to customize the pre- 
sentation of every supported 
diagram type, and a Report 
Template Builder to define 
reporting standards throughout 
an organization. Paradigm Plus 
features new support for com- 
ponent-based development 
methods and full support for 
UML, XML and XSL tem- 
plates. A Model Xpert, built 
into the modeling tool, helps 
developers keep their models 
semantically correct with sup- 
port for all U M L -based rules. 

CA (www.cai.com) is working 
on the pricing for the modeling 
suite, which is available now, but 
each product can be purchased 
separately. ERwin sells for 
$3,995; BPwin sells for $2,695, 
and Paradigm Plus and ERwin 
Examiner sell for $1,995. 1 
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Visual Studio.NET to Speak in Tongues 

Microsoft lays open plans to embrace other languages, tools 



BY EDWARD J. CORREIA 

When Microsoft Corp. released 
its first beta of Visual Stu- 
dio.NET last November, devel- 
opers had an opportunity to sam- 



ple what programming for the 
company's vision of the I nternet 
would be like in the future. N ow 
M icrosoft has expanded its vision 
with the introduction of the 



Visual Studio.NET Open Tools 
Platform, which has the potential 
to let third parties integrate the 
IDE with their applications, 
tools and even languages, as well 



as add their tools to the I D E . 

The Open Tools Platform will 
enable developers to customize 
the Visual Studio.NET environ- 
ment using a series of add-ins, 
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macros and wizards, and to cre- 
ate links to other M icrosoft ap- 
plications, such as Office and 
utlook, the company said. 

F or those seeking even deep- 
er integration, Microsoft has 
introduced the Visual Studio 
Integration Program, which 
offers a pair of software develop- 
ment kits for accessing the inner 
workings of its development 
tools. The Visual Studio I ntegra- 
tion SDK, which is targeted at 
development tool and language 
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The project browser can contain 
components that are written in 
different languages. 

vendors, reportedly will enable 
them to synthesize features of 
their own products into the I D E 
and to build applications that can 
be customized and extended. 

Tom Button, general manag- 
er of M icrosoft's developer divi- 
sion, said the ability to build flex- 
ible apps will be pivotal in the 
future. "Developers will need to 
deliver applications that can eas- 
ily adapt to the changing needs 
of their customers." The second 
prong of the integration program 
is the Visual Studio for Appli- 
cations SDK. According to Mi- 
crosoft, more than 30 companies 
have signed up for the program. 

One participant is open- 
source developer ActiveState 
Corp., which Microsoft report- 
ed is currently working on the 
integration of its versions of Perl 
and Python scripting languages 
into Visual Studio.NET, and 
understands the advantages of 
interoperability. "The Open 
Tools Platform enables our cus- 
tomers to exploit the full power 
of XML and Web services 
enabled by Visual Studio.NET," 
said D iane M ueller, ActiveState's 
director of productivity solu- 
tions. "Our Visual Perl and Visu- 
al Python IDEs allow program- 
mers to leverage popular open- 
source programming languages 
within the .N E T F ramework and 
offer support for Web services." 

The Visual Studio.NET beta 
is available to M SD N U niversal 
subscribers, and is scheduled for 
release in the second half of this 
year. Pricing has not been set. I 
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CapeConnect Generates SOAP for EJB Components 



BY DOUGLAS FINLAY 

Looking to ease less-experi- 
enced developers into the world 
of Web services, Cape Clear 
Software Inc.'s CapeConnect 
Two for J2EE Web-service 
platform automatically gener- 



ates Simple Object Access 
Protocol (SOAP) interfaces to 
Enterprise JavaBeans and 
CORBA back-end servers, to 
enable enterprises to publish 
their data to the Web using only 
VBScript and JavaScript, and 



XM L transformations. 

"To prosper, Web services 
must enable the less-sophisticat- 
ed developer to compose and 
publish data to the Web," said 
Annrai OToole, Cape Clear's 
executive chairman. H e said that 



if enterprises utilizing Java spec- 
ifications wish to publish to Web 
services, they usually have to 
enlist EJB developers, and that 
limits what they can do with the 
data. "But CapeConnect is an 
easy product for developers with 
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Visual Basic Script or JavaScript 
and XM L experience to bring 
out enterprise data and publish 
it," OToole said. 

H e said the program works 
by automatically generating 
SOAP interfaces and then 
building runtimes in order to 
take the incoming SOAP re- 
quests and dispatch them to 
J2EE and CORBA servers for 
interrogation. He said the 
SOAP interface is generated in 
a Java back end because there 
is generally enough informa- 
tion in the Java interface lan- 
guage to describe what it does 
so that a SOAP interface can 
be generated from it. 

Once enterprise data has 
been drawn from the servers, it 
can be customized to deter- 
mine precisely which data 
should be exposed to the Web, 
and which shouldn't. 

CapeConnect supports Web- 
service standards such as the 
Universal Description, Discov- 
ery and Integration (UDDI) 
specification and the Web Ser- 
vices Description Language 
(WSDL). "Once components 
are retrieved, CapeConnect 
uses the XML -based WSDL to 
define them and then publish 
them to the UDDI repository 
for access," OToole said. 

The CapeConnect Two beta 
is available now for Solaris 
and Windows at www.capeclear 
.com/capeconnect/beta. For the 
general release, pricing has been 
set at $5,000 for developers, and 
$10,000 per deployment CPU . I 

HP BLUESTONE 

< continued from page 9 

scribes as a lightweight queuing 
system that can handle nested 
transactions. For the latest re- 
lease, H P is also bundling M er- 
ant's SequeL ink 5.1 server-based 
database access middleware. 

The new Total-e-Syndication 
server, announced in M arch, is a 
Java-based content-distribution 
application based on the Inter- 
net and Content Exchange 
(ICE) specification, version 1.1 
(www.icestandard.org), which 
provides an XM L schema for 
distributing information be- 
tween publishers and sub- 
scribers. Total-e-Syndication 1.0 
pricing starts at $50,000 for two 
CPUs and includes an unlimited 
number of subscribers. 

According to HP, all three 
products were to be available 
by the end of March. I 
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lona Hopes to Build on J2EE Momentum 



BY DAVID RUBINSTEIN 

Hoping to sustain momentum 
in the wake of its total business 
integration strategy announce- 
ment, lona Technologies Inc. 
has finalized a pair of moves 
designed to help development 
teams create and deploy Java 
applications. 

To strengthen its suite of 
products, lona has incorporated 
Sun's F orte for J ava 2.0 C ommu- 
nity Edition development envi- 
ronment into its iPortal Applica- 
tion Server, allowing developers 
to build J2EE-based applica- 
tions. According to the compa- 
ny, lona (www.iona.com) will 
add an automated bean deploy- 
ment wizard and plug-ins for 
provisioning, assembly and con- 
figuration, which brings support 
for component-based develop- 
ment to the full application life 
cycle. Also, an XM L editor and 
support for Java servlets and 
J SPs have been added. The inte- 
gration is expected to be avail- 
able this spring. 

The agreement could serve 
to remove a weakness cited by 
Gartner Group research ana- 
lyst Massimo Pezzini in mid- 
February, that lona's ultimate 
success in the Web-service 
space will require develop- 
ment tools that will facilitate 
the creation of these services 
within lona's architecture. 

I n another improvement to 
the suite, I ona has made avail- 
able the iPortal OS/390 Server 
2.0 Java Technology Edition, 
which the company said will 
allow developers to integrate 
Java-based mainframe applica- 
tions with existing COBOL, 
PL/I, IMS and CICS applica- 
tions through the use of I ona's 
Orbix 2000 CORBA broker. 

SILVERSTREAM 

< continued from page 8 

division of Waptop H olding A/S, 
a Danish firm. Terms were not 
disclosed. "This brings another 
audience to existing applica- 
tions," Epstein said. "I don't 
believe there's a WAP phone- 
only application out there." 

Also, SilverStream has 
entered into an agreement with 
WebTrends Corp. to integrate 
the WebTrends Enterprise 
Suite into SilverStream's plat- 
form. WebTrends offers analytic 
and optimization tools to mea- 
sure performance and quality of 
Web applications. I 



Other features of the server 
include support for Java tech- 
nology in the OS/390JDK ver- 
sion 1.3; support for service- 
oriented architectures by 
using the CORBA standards 



IDL and Java mapping; and 
support for several CORBA 3 
features, including asynchro- 
nous messaging. 

While CORBA remains at 
the core of lona's business, the 



shifttoJ2EE that began in 1999 
has taken much more of the 
company's research and devel- 
opment dollars, Pezzini said. 

"lona now faces the chal- 
lenge of dramatically increasing 



its market visibility...," he said 
in a F ebruary report. "I ona will 
now compete against powerful 
megavendors [such as H ewlett- 
Packard, I BM , M icrosoft, Ora- 
cle and Sun] and established 
specialty vendors [BE A Sys- 
tems, Tibco, webMethods] all 
featuring a widely recognized 
brand and many partners." I 
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Microsoft Smart Tag SDK Discovers Web Services Using Office XP 



BY DOUGLAS FINLAY 

Microsoft Corp. may well be 
serving up a sneak preview of 
its future Web-service strategy 
with the release of the Smart 
Tag Software Development Kit 
(SD K) for the upcoming Office 



XP. The kit allows developers 
to build smart tags, or interac- 
tive links, that search databases 
anywhere on the Web, or with- 
in any Windows or Office XP 
applications, to discover rele- 
vant information about a sub- 



ject being worked on. 

"Smart tags are built on XM L 
syntax, and are developed to 
enable the discovery of words in 
databases on the Web or in 
other repositories that corre- 
spond to words or subjects be- 



ing worked on in applications," 
said Lisa Gurry, M icrosoft's pro- 
duct manager for Office XP, 
M icrosoft's next version of 
Office. She also said the SDK 
was a new opportunity for Office 
program developers to create 
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new applications for Office. 

She said developers create 
the criteria for smart tags by 
canvassing user needs, and then 
creating lists of words that cor- 
respond to the topic being 
worked on. When a person's 
name or an object such as a car 
is highlighted, the user can then 
click on the smart tag icon to set 
off a search for corresponding 
words in other databases on the 
Web— or in a Windows applica- 
tion— to discover more infor- 
mation about that person or 
object. The kit is available now 
for free at http://msdn. microsoft 
.com/office. Office XP is expect- 
ed to be available in June. I 

COMING SOON: 
ROSETTANET'S 
SEAL OF APPROVAL 

BY DOUGLAS FINLAY 

I s a vendor or service really in 
compliance with RosettaNet? 
When the RosettaNet Compli- 
ance Program from the Roset- 
taNet consortium is fully re- 
leased in October, you'll be 
able to check for the official 
seal of approval. 

The RosettaNet Compliance 
Program's goal is to "build a 
measure of compliance that dis- 
tinguishes between vendors that 
have solutions that are function- 
al and compliant and vendors 
that comply with only certain 
aspects of the standard," said 
Paul Teamen, RosettaNet's vice 
president of standards. Kimber- 
ly Trudel, vice president of 
industry products for WebM eth- 
ods I nc, a RosettaN et member, 
said the compliance program 
would be especially helpful to 
solution providers just getting 
started with RosettaNet (www 
.rosettanet.org), because they 
could now follow a set of pre- 
scribed guidelines. 

The compliance program 
will be rolled out in two releas- 
es. The first, due in J uly, will be 
a self-administered test add- 
ressing four areas: message ser- 
vice components, XM L gram- 
mar verification, XM L support 
choreography for message 
sequencing and load handling, 
and exception handling. 

The second release, sched- 
uled for October, will include 
details about the business bene- 
fits and responsibilities of the 
program, such as authority and 
logos, Teamen said. I 
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CA Improves Database Development Environment 



BY DOUGLAS FINLAY 

Computer Associates Interna- 
tional I nc. has added a number 
of enhancements to its I ngres 1 1 
database management engine, 
version 2.5, that increase both 
the size of the database and the 



concurrency of users, while also 
offering enhancements to its 
development tools. 

"Core database engine en- 
hancements to version 2.5 of the 
I ngres 1 1 database management 
engine include increasing the file 



sizes to more than 2GB, and 
caching up to more than 4GB 
without compression," said Shari 
Shore, Computer Associates' 
(www.cai.com) director of mar- 
keting for e-business platforms. 
Still another enhancement is 



the ability to load the database 
into read-only media. "Sales 
forces on the road don't want to 
have to take up their hard drive 
with I/O and tables," Shore con- 
tinued, "so we've made the data- 
base available to load on read- 
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only devices such as CD-ROMs 
and tape." Version 2.5 offers fur- 
ther enhancements to tempo- 
rary catalogs by supporting 
dynamic write-behind threads. 
"Before, developers had to pre- 
allocate the space to increase it. 
N ow it's dynamic," she said. 

The enhancements to I ngres' 
Visual M anagement Tools— 
GUI tools for administering the 
database in a visual setting- 
include new support of H P-UX 
and Solaris. Ingres ll's Enter- 
prise Access technology, which 
serves as a gateway, now sup- 
ports access to DB2, Informix, 
Oracle 8i and SQL Server. 

Further, version 2.5's repli- 
cation engine now permits 
replications to be made in a 
visual environment. 

Forthcoming to Ingres in a 
later version is enhancement to 
its Open Road, a graphics 
development tool that can be 
added on to an application serv- 
er, Shore said. 

The upgrades are free to cur- 
rent Ingres II users. For new 
users, prices for Ingres II ver- 
sion 2.5 start at $10,000 for the 
Unix version, and $2,500 for 
Linux and Windows versions. 
The database software is cur- 
rently available for HP-UX, 
Linux, Solaris and Windows 
NT; it will be coming to AIX 
this month, and to I Rl X and the 
Alpha VMS injune. I 

FORTE ADDS 
FLASHLINE 

Component vendor Flashline 
.com has added a little more 
muscle to the Forte for Java 
development portal by creating 
an exchange for add-ons, com- 
ponents and discussion groups 
using the Sun M icrosystems I nc. 
environment. 

Available at www.sun.com 
/forte/ffj/resources/marketplace 
are components to extend the 
functionality of the Forte for 
J ava I D E with new development 
tools, as well as a Java compo- 
nent marketplace that allows 
Forte developers to integrate 
prebuilt Enterprise JavaBeans 
and other Java components into 
the development project. 

The deal allows Flashline to 
reach the hundreds of thousands 
of developers who are said to 
have downloaded F orte for J ava, 
while Sun enhances the product 
by giving developers access to 
components that can help them 
build J ava applications. 

-David Rubinstein 




tools are created equal. 



AspQU htgln traveling down the Windows' 
Insiattnr highway, msfce swre you have ffle 
pQtftif you fteerf to reach your fritttHHtifi. 




Sofa-ln ins[:dl;LlMhri^V t -:^ 



Ofte* nsfalaiMn tools may gel yeuriaried irEing Wntops installer tBdmototfti Jwt otdy 
.Vie luu llw [www yfni fin-d, Ixtfh tcidiy ,r:d dnwl- Ihr- rCdd. Wia 1ni Wrtdrjwa bidbitlnr 
itf<ni s nail b vtsmL slpp-t^-slpp approach Id rr paling instate as w>* is the aMty in 
•^ *hd rti a% waft*? Eftsts&jfet i»ufr r&r camp, off* ptodud &ir&^ 

ttlE leu? Pt f emaiM^ 

Mlfeh addfiwel ledums Midi as kndiig edge NET support 1he rwtf cNwurU MS 
debugger fli'ajLiycL and Ihn utility Id f to]! it!i! youi riildldQktfi wrfh pur •Lrtmuli-'J 
sottem build pr ooesi Wm far Wmfcwa. IrtfWIer « Vm most powerlui md ccmpfets 
Wil'dOwi lri!iLHirf bddi rtn Lhu rojl tkin'l get !iil1 btflirtt 

Frttfi Hill SbfLplHihX Jfrti ftnleVJ v? L1W2*3 trlsia^cf fe£/iwklayj/. 



V 






i 



-'■**£ 



i*. * 



_1 



r|'^---"'X.f V;0 , i 


8 

IiIbbuI 


Hi 


l 




f 






Hi 


i 


ff / ■ &3m Vs 5 s ! >5 ¥S h « « 1 





Lineo" Advantages 



' 



"^ s- vV^^ 1 /^^^ 1 ' 



The world is full of devices that could use an IQ boost. 

Lineo makes that process faster, easier, and tess expensive with 

the best solutions for embedding Linux in all kinds of appfiances* 
devices, and systems. 

Add to that a global team of expert Linux consultants, custom 
engineering services, and world- class technical support, and you get 
an embedded systems solution that's as smart as the people who use 

it. So contact us today. And join the growing army of developers, who 
have chosen Lineo to help them Put Lmux Anywhere", 

CRLL FOR SERVICE. . . 



• Development Tools 

Embeds" and uClinux" SDKs, hard and soft 
real-time extensions, user interface layers, 
and vertical market modules. 

« Reference Designs 

I'-xrnut appliances, secure networking 
rooters, Avail is" High-availability clusters, 
and uCdlmm reference boards. 

• Processor Support 

ARM. PowerPCs Pentium, 5up0rH p 
StrongARM, IDT MIPS, DragonBall, 
Coldfire, 1960, MCOftE. rfti, and ETftAX 

■ Semiconductor Partners 

AMD, Hitachi, IDT. MIPS Technologies. 
Motorola, National Semiconductor, 
Sarn5ung h and ST Microelectronics. 

• Services and Support 

Glob*) consulting, custom engineering, 
technical support, and education. 

So what? 

Shortened lime to market, smaller footprint, 
lower costs,, and freedom from what was. 



£ i&j-Lin»,lfi L:*p<i fui l.i-i. i fl-jwipn I mbrtfiP uf hnui, Am Mi. 

,. ,i , - P 1 ,-*,, '.i|o in iihfttriiiti- *i if[iire**4 Httfr^Mfti- pi Ufcfi Ini 

in <hr U 1 jnd -clKr' nunh-fi L rui n i naii'lriad I ijdrnuk -sT Linu k 

■ . " ihii |J|i|pPHijri| |ir L i ■ ■ ■ J . r ■ ■> p i'.i" ll-p ■ r.|i ' .- . n -a-l.q 



Visit us at www.lineo.com or call 888,463,7 



f 



LINEO 



www.sdtimes.com 



. Software Development Times . April 1, 2001 



EMBEDDED NEWS 



21 



PointBase 3.5 Targets Data Outside Enterprise 



BY EDWARD J. CORREIA 

At the Embedded Systems 
Conference beginning April 9, 
database developer PointBase 
Inc. will be demonstrating 
PointBase 3.5, the latest version 
of itsj ava embeddable database 
engine that it says is now signif- 
icantly faster. And with it, the 
company will renew itsfocuson 
the management of data that 
resides in mobile devices out- 
side the corporate firewall. 

According to Cameron 
McEachern, vice president of 
marketing and corporate devel- 
opment at PointBase, the com- 
pany found that its corporate 
E customers have 
been hesitant to 
accept that an 
embedded rela- 
tional database 
could run in 
smaller systems 
PointBase is with the same 
not walking performance as 
away from its general-purpose 
traditional databases. "We'll 
base, says be showing a high 
McEachern. level of perfor- 
mance from a re- 
lational database on all sorts of 
devices," he said, including a 
Compaq iPAQ, and mobile hard- 
ware from Fujitsu. 

McEachern claims that the 
166MHz Fujitsu board, for 
example, which he said embeds 
Java within the board's chip set, 
"can run PointBase with perfor- 
mance equivalent to running on 
a 600MHz PC." 

But while PointBase is focus- 
ing on improving the perfor- 
mance of its database engine, 
McEachern said that the com- 
pany is not walking away from its 
traditional base. "Our position- 
ing is for data management out- 
side the enterprise, and with 
that come issues of synchroniza- 
tion, performance and specific 
methods of how you use the 
product. We have looked at the 
occasionally connected market- 
place and seen massive growth." 
PointBase views this as a 
proposition that's entirely dif- 
ferent from conventional data- 
base management behind the 
firewall, where it does not com- 
pete. "We think that there's a 
potential for at least three times 
more data to be outside the 
enterprise, such as calendars, 
customer inventory, general 
ledger and account informa- 
tion," all of which is constantly 
active data, he said. 



What sets PointBase apart 
from general-purpose databas- 
es, such as those from I nformix, 
Oracle and Sybase, claims 
McEachern, is that in addition 
to connecting to applications 



via JDBC, PointBase can 
embed within applications as a 
JAR file. "That allows cus- 
tomers to deploy our database 
with their application without 
the reciprocal administration 



and deployment costs that 
would be associated with our 
competitors. We're far easier to 
manage and far easier to use." 
PointBase provides a free 
evaluation version that is limit- 



ed to 5M B databases, and is 
planning to release a PointBase 
SDK within the next six 
months. The database costs 
$199 per user if priced individ- 
ually. Volume pricing starts at 
around $4,000. The evaluation 
version can be downloaded at 
www.pointbase.com/products 
/download/eval.html. I 
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Lineo Releases Embedix SDK 2.0 



BY EDWARD J. CORREIA 

At the Embedded Systems 
Conference in San Francisco 
next week, embedded Linux 
developer Lineo Inc. will 
announce the release of the 
Embedix SDK 2.0, an update to 



its software development kit 
that it says will feature a snap-in 
architecture, enabling compa- 
nies to tailor the environment to 
suit their hardware and software 
needs. Lineo also reported that 
it will broaden target processor 



and host platform support. 

According to Brad Chris- 
tensen, L ineo's director of prod- 
uct marketing, the extensible 
architecture not only will enable 
customization, but also will per- 
mit companies switching propri- 



etary development to embedded 
Linux to retain control of their 
projects. "Fifteen years ago, 
everything was roll-your-own; 
there were no off-the-shelf 
operating systems. Everyone 
was writing their applications to 
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run right on the metal," he said, 
adding that companies often 
were also developing their own 
operating systems. 

But, Christensen continued, 
as networking and hardware 
advanced, it became difficult 
for developers to keep up, forc- 
ing many companies to turn to 
off-the-shelf solutions. And 
while such solutions kept up 
with advances, developers "also 
gave up some things," he said, 
"like source code and control of 
their project." 

Joe Dobesh, an embedded 
engineer with Rappore Tech- 
nologies I nc, has seen some of 
that frustration firsthand with 
closed-code operating systems 
such as Windows CE. "I found 
that with Lineo, you can click 
a few icons on the screen 
and build an operating-system 
image. You don't get that with 
M icrosoft," he said. 

Indeed, Christensen attrib- 
uted much of the momentum 
of embedded Linux to develop- 
ers' desire to keep control. 
"They have to trust that what 
they were getting was reliable 
and as small as it could be. They 
also want to be able to own the 
source tree. Even if they don't 
intend to make any changes to 
the operating system, they want 
to be able to debug into it." 

Lineo also will enhance the 
SDK's target wizards, which will 
include precompiled libraries, 
improved conflict resolution and 
a new "getting started" wizard 
that automates the creation of 
common applications. In addi- 
tion, the company said that host 
platform support now will in- 
clude all major Linux releases, 
including Debian 2.2, Mandrake 
7.1, Open Linux 2.4, Red H at 6.2 
and SuSE 7.0. Also supported 
will be Windows NT/2000 hosts. 

Target processor support 
will include the ARM 7 and 
ARM 9, Intel x86 and I A/32 
models and their AM D equiva- 
lents, the IDT M IPS RC 32334, 
several Motorola PowerPC 
models, and the H itachi SH 3 
and SH4, for which Chris- 
tensen said Lineo has seen a 
growing interest recently. He 
added that StrongARM SA1100 
and SA1110 support will be 
available sometime in M ay. 

The EmbedixSDK, which is 
scheduled to begin shipping 
this month, will cost $4,995 for 
the first developer seat and 
$4,995 for each five additional 
seats. Lineo also will offer a 
fully functional 30-day version 
for free download at www.lineo 
.com/downloads. I 
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IBM to Seek Sun Certification for Visual Age 



BY EDWARD J. CORREIA 

Long an advocate of its own 
independently developed Java 
class libraries and J 9 low-profile 
virtual machine, IBM Corp. will 
soon begin offering Sun-certi- 
fied components in its next ver- 



sion of the VisualAge M icro E di- 
tion 1.3, the company's J2ME 
development environment. 

As a prelude, in February 
IBM included beta versions of 
CL DC and Ml DP in VisualAge 
M icro E dition 1.3. "We're seeing 



enough customer demand that 
we've decided to go ahead and 
produce a compliant, certifiable 
product," said Marc Erickson, a 
project manager with IBM sub- 
sidiary Object Technology Corp., 
which developed VisualAge. 



"Our goal is to offer our cus- 
tomers a choice," he said. "If 
they desire certified and compli- 
ant technology, we will provide 
what hopefully will be the best in 
the industry. And if they want 
more advanced J ava 2 stuff, we'll 
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provide that even before theJCP 
completes its standardization 
studies." Developers using the 
environment will have the option 
of using either set of libraries. 

IBM has submitted its imple- 
mentations of Sun's Connected 
Limited Device Configuration 
(CLDC) and Mobile Informa- 
tion Device Profile (Ml DP) to 
IBM's Hursley Laboratory, an 
independent testing facility 
within IBM that is working 
under license from Sun to test 
components. Together, the 
C L D C and M I D P specifications 
permit the creation of a runtime 
environment for resource-con- 
strained mobile devices. 

The company is planning to 
announce the Sun certification at 
next week's Embedded Systems 
Conference in San F rancisco. 

According to Erickson, 
customer concerns, both real 
and imagined, were responsi- 
ble for the decision to apply 
for certification. "We're now 
finding that a lot of customers 
are concerned— or are being 
made to be concerned, mainly 
by discussing this rather than 
finding out for themselves— 
whether [J 9] actually is a J ava- 
certified client." 

Erickson believes there will 
be a large increase in demand for 
embedded Java developers for 
the enterprise, and described 
two ways that companies can go 
about recruiting them. "One is to 
take an experienced embedded 
developer and have him learn to 
work in the VM environment 
and with the J ava language. The 
other is to take someone who 
has already been working in 
Java in the enterprise and help 
them adapt to the resource-con- 
strained environment of an 
embedded machine." The latter 
scenario, he said, might be the 
more likely: "If you look at the 
quantities of available develop- 
ers today, you'll find there are a 
lot more with J ava experience in 
the enterprise than those with 
embedded experience." 

What is likely to occur, he 
continued, is a convergence of 
the different types of developers, 
being driven by "companies that 
want to deploy services that are 
rendered or interact directly with 
devices," which he said include 
automotive systems and resi- 
dential gateways, most of which 
will be Java-enabled. "Once 
those basic systems are active 
and working, we'll see the enter- 
prise services come on board." I 
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WIND RIVER 

< continued from page 1 

whether it will halt work on its 
TurboJ ahead-of-time compiler, 
Wind River will continue to 
support and maintain the 
J Works stack, Bertholdt said, 
with J eode forming the basis for 
its new embedded J ava strategy. 



The decision to adopt J eode 
may not have been purely tech- 
nology driven, however. I n F eb- 
ruary, Wind River announced 
that it was part of a $4.7 million 
strategic investment in Insignia 
(www.insignia.com), which de- 
velops and markets accelerated 
Java solutions but is perhaps 
best known for its SoftPC and 



SoftWindows emulation prod- 
ucts. As part of the investment 
agreement, John Fogelin, Wind 
River's vice president of plat- 
form engineering, was placed on 
I nsignia's board of directors. 

F or its part, I nsignia will not 
only receive a large cash infu- 
sion, but will gain a significant 
customer. Ron Workman, In- 



signia's senior vice president of 
marketing, was excited about 
the deal. "Working with a very 
big partner with a major market 
presence like Wind River is a 
big win for Insignia," he said. 
"We've always acknowledged 
that the operating-system com- 
panies are the most obvious 
conduit to customers, so it's a 
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fulfillment of our overall busi- 
ness and commercial strategy to 
be working with them." 

According to Workman, 
J eode delivers powerful config- 
uration tools in addition a Sun- 
compatible JVM . "These allow 
the developer to configure the 
VM in terms of how much 
memory it can use, the size of 
the application heap, work- 
space needed for compilation, 
code buffer space" and other 
parameters. J eode also permits 
developers to "watch the be- 
havior of the virtual machine, 
probing inside to watch gar- 
bage-collection cycles, use of 
the heap and systems memory 
and so forth," he added. 

But above all, Workman said, 
J eode delivers performance 
thanks to its so-called dynamic 
adaptive compiler, which moni- 
tors J ava applications as they run 
and execute threads, and at 
appropriate points "dynamically 
compiles small fragments of 
code into native [code] so that 
the next time those branches are 
run, they run at native speeds." 
The dynamic adaptive compiler 
was a main area of Wind River's 
interest, he added. 

W hat J eode does not provide 
is the GUI, so Wind River will 
integrate its own. Bertholdt said 
he expects the tools to be avail- 
able sometime in the second half 
of this year. 

While Bertholdt said it was 
too early to comment on price, 
he did say that "the impact to the 
customer in terms of cost will be 
insignificant. We know that tech- 
nology alone is not going to help 
our customers. They have eco- 
nomic constraints to meet to be 
successful, and if we don't meet 
those requirements, the best 
technology doesn't matter." 

Bertholdt insisted that Wind 
River is not completely severing 
its relationship with Sun. "We 
are very committed to working 
with Sun. We are a close ally in 
the Java Community Process 
and are actively involved in dri- 
ving some of the J ava Specifica- 
tion Requests." 

From Sun's perspective, 
they're happy either way. "It's a 
good deal for Wind River and 
I nsignia, certainly, and it's a good 
deal for Sun, because we get to 
keep Wind River as an indirect 
customer," said a Sun spokesper- 
son. "We encourage companies 
like I nsignia to offer value-add to 
customers like Wind River," he 
continued, adding that such val- 
ue-added implementations are 
considered by Sun as an alter- 
nate distribution channel. I 
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QNX RTOS 6 Broadens Processor Support for Porting 



BY EDWARD J. CORREIA 

With the recent trend toward 
corporate downsizing, encour- 
aging developers to write effi- 
cient and reusable code is fore- 
most in the minds of software 
development managers. 



Answering the call is QNX 
Software Systems Ltd., which is 
preparing to release the QNX 
RTOS 6.0, the latest version of 
its real-time operating system for 
embedded applications. The 
new version will add ARM, 



SH-4 and StrongARM to its list 
of supported target processors 
that already includes MIPS, 
PowerPC and x86. M ore signif- 
icantly, the system reportedly 
will enable developers to port to 
any supported processor from 



an identical application code 
base. The announcement is 
planned for next week's E imbed- 
ded Systems Conference in San 
Francisco, where the company 
also will be demonstrating the 
new capabilities. 





According to Sebastien M ar- 
ineau, QNX's network commu- 
nications software architect, 
QNX has removed all but the 
essential, platform-specific code 
from its Neutrino microkernel, 
thereby optimizing portability 
of the remainder of the suite. 
"The only thing you have to 
worry about is device driver 
development," which he said 
also is partially automated with 
the help of wizards, macros and 
processor-specific header files. 

QNX adds self-hosting for 
x86 machines, which Marineau 
compared with the experiences 
enjoyed by Linux developers. 
"L inux developers love to devel- 
op on Linux. They can write, 
compile and debug code on a 
Linux box without having to 
reboot. They never have to wor- 
ry about downloading to targets 
or programming flash to do 
their testing." The same is true 
of Q NX-hosted PCs, he said. "A 
self-hosted model gives you a 
more productive 
environment sim- 
ply because you 
develop code on 
the same target 
you run it on so 
the development Self-hosting 
cycle is shorter." with QNX 

And while host- shortens the 
ing is limited to 
the x86 and not 
supported on oth- 
er target proces- 
sors, Marineau claims that 
QNX delivers the next best 
thing. "What we've managed is 
processor support for targets 
other than x86 from an x86 
host. It's cross development in 
that you're not targeting the 
same processor architecture, 
but it's a lot closer to self-hosted 
development because you're 
running QNX to target those 
other processors." 

M arineau admits that devel- 
opers always need to be coding 
with portability in mind. 
"There's no magic bullet in 
software; it takes some disci- 
pline. If you let your develop- 
ers do whatever they feel like, 
regardless of what you're using, 
they will run into trouble. If 
they make a commitment to 
writing portable code, all of the 
tools are there." 

The QNX RTOS 6.0 (www 
.qnx.com) is scheduled for re- 
lease in June, and the company 
will continue to offer the system 
for free to noncommercial devel- 
opers. The commercial develop- 
er price will start at $3,995 per 
seat, and runtime pricing will 
start at $50. 1 



development 
cycle, says 
Marineau. 
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Perforce Links to Defect Tracking System 



BY ALAN ZEICHICK 

Should software configuration 
management software help 
development teams keep track 
of defects? Perforce Software 
Inc. thinks so, and has devel- 
oped an add-in module for its 
SCM solution that provides a 
bidirectional link between 
Perforce and TeamShare I nc.'s 
tTrack defect-tracking system. 
The module, which was 
announced last month by 
Perforce (www.perforce.com), is 
called Perforce Defect Track- 
ing Integration, or P4DTI. 
According to the company, the 
module has been released as 

CYBER DIALOGS: 
INTERFACE DESIGN 
BY WEB AUTHORS 

BY EDWARD J. CORREIA 

If you've ever heard your pro- 
grammers complain about the 
complexities of modifying dia- 
log boxes in Win32 applica- 
tions, a solution may be at hand. 

Swedish software develop- 
er Buckland, Buchman & 
Backlund has released B3 
Cyber D ialogs, a GUI -based 
authoring tool that it claims 
makes customization of dialog 
boxes for Win32 applications 
so easy, even nonprogrammers 
can participate. 

The two-part system consists 
of a WYSIWYG authoring tool 
that presents palettes of 
DHTML elements such as but- 
tons, fields and labels for drag- 
ging onto blank target dialogs. 
Users also can create custom 
palettes and even custom com- 
ponents using the HTML com- 
ponent framework. 

The second part of the tool is 
the runtime, which is made up 
of a DHTML style sheet, two 
JavaScript files— both of which 
are linked to all program 
dialogs— and a C++ compo- 
nent, a D L L that acts as a host 
for Internet Explorer in a spe- 
cial window. Applications that 
use Cyber Dialogs must be 
linked to this dynamic link 
library, which uses the render- 
ing capabilities of I E to display 
the custom DHTML dialogs. 

The authoring tools (www 
.htmldialogs.com) are available 
now for Windows and sell for 
$79 per developer seat and 
include source code. The run- 
time component is free. I 



open source, and will be avail- 
able early this month as part of 
Perforce 2000.2. The module, 
which runs on both Unix and 
Windows, can also be down- 
loaded free with licensed or 
two-user Perforce Server, said 



the company, which plans to 
offer an integration kit that 
will allow developers to adapt 
P4DTI to other defect track- 
ing systems. 

According to Perforce, 
developers can now do rou- 



tine defect resolution working 
entirely from a Perforce 
client, from within an IDE, 
without switching to the 
defect management system 
and entering duplicate infor- 
mation; P4DTI links the 



changes that developers make 
via Perforce with defects 
tracked and managed within 
tTrack (www.teamshare.com). 

A single-user Perforce 
2000.2 license costs $600; the 
latest version of TeamShare's 
tTrack, 4.5, is priced at $599 
per user. Both products offer 
volume discounts. I 



Then... 



■*!' 


fin 


Tjcla. 


eLS 



?2 i&ft&s. 




Wr... 



%J 



Ik-li^k-lWtVI H ItmUhvI hi!a unttlllrii uwd ilhMIVteHKL 



.Xim funi-DL mo llh. a \tE!Et' 




Htfur^Su^W'IRI unK rrnunmmirTipnnfnMmiMil 




\\\vi iiinuni 1 curt vriHti. 1 [mi^rum^- 



Soft WIRE is to programming 
vvhal the browser was to the WliB 



f CwnfiNKr $QtftW&E fW*V — ^ it 



- ftirc Ji *»? far *irty SIM 






CLffcf ■f\Ajl r |Dp www.antEwjrrlcchrc-rayy.CD 

I ,,. -- ™^ II C:nmi:rty> UuJ-Jkb*-* M* ?Ii 



'.cam 
pbdhi im:>3 i ¥+:-!■;■:■: --in !yMi*4*-4Jp!<i 



Develop Better and Faster TODAY! 







/ 








VISUAL BASIC INSIDERS' TECHNICAL SUMMIT 



New York ♦ June 20-23, 2001 

Over 60 Sessions, Workshops 
and Events 

♦ .NET- What You Need to Know NOW 

♦ Develop Tomorrow's Web Sites Today with 
ASP, XML T SOAP and VB 

♦ Master Distributed Services and COM+ 

♦ Explore Data Access Tools: ADO and 
SQL Server 2000 

♦ Dive into Windows XP with the Industry's 
Leading Experts 



www.vbits/sdtimes 



Microsoft msdn FJP VISUAL BASIC 



lJHinruTi»n'irin 



C^pwrHion VfritSflnd Visual Base ft™pw?inw3 Jwrrtdwe negtaterrt tredGmorta oi Fe««ie 
lrcftnEtf FWihtfliofts. inc. Wwi Bejh: feus^d Dy Fwratto Itoc*vnc*i Pi^itcwna*^,, inc. nrfiv Ipw» 

fl fjan Mil f i i--:f I Al i UN -i 1 JirJOTOrKl* AH? tfW |Mf»ny tf ClTCll Hri0W W (Mfflflrc. 




www.sdtimes.com 



. Software Development Times . April 1, 2001 . 



SPECIAL REPORT: SECURITY 



33 





Security is critical concern 

during Web app 

development process 





BY LISA NADILE 



Forget the usual security buzz- 
words such as firewalls and virus- 
es. Maintaining security during 
an Internet-based application 
development process is some- 
thing programmers don't know much 
about, let alone even think about during 
those late nights fragging code. 

About as far away from H enry F ord's 
assembly line as possible, developers 
scattered across the country are writing 
and piecing together components and 
systems to create e-business and e-trans- 
action systems. 

"In this kind of development, you're 
taking a very important piece of source 
code and putting it out there for every- 
one to grab. So if you start e-mailing 
around source code, you are basically 
opening up the vault," said Bill F rench, 
chief architect of advanced collaboration 
at StarbaseCorp. 

The move now is to use content- 
management tools to track and orga- 
nize all the elements of a system's con- 
struction. Each assigned piece of code 
is tagged with a pedigree that tracks 
exactly who worked on it, when it was 
worked on and what was done to it. 

AN ACADEMIC ISSUE 

Somewhere on the quiet stately cam- 
pus of New Jersey's Princeton Univer- 
sity, a group of professors and graduate 
students are looking at a forgotten part 
of software development— analyzing 
how software components work 
together. The goal is to create ways to 
ensure security as application develop- 
ment evolves in the world of outsourc- 
ing and distributed environments. Ed 
F elten is an associate professor of com- 
puter science and the director of 
Princeton's secure Internet program- 
ming laboratory. 

SD Times: Where do you start when 
breaking such new ground? 

EdFelten: We started with basic research 
with regard to how software is construct- 
ed. We are trying to understand how 
much you can automate the analysis of 
the interactions between components. 




Components have become tracked, 
enumerated assets, just like automo- 
bile parts. 

Companies such as Merant Interna- 
tional Ltd., Rational Software Corp. and 
Starbase are lining up to add cryptogra- 



phy and authentication technology to 
change-management software. They are 
also combining work-flow and task man- 
agement with the high-level project 
management that is now required for 
large software system development. 



The mantra is catchy. "Know and 
authenticate who uses it, secure it, and 
never lose it," said French. New and 
expanded offerings let developers give 
each programmer an individual use 
policy, preventing wayward or mali- 
cious development or confusion when 
assigning tasks. 

Starbase (www.starbase.com) and its 
competitors now offer integrated de- 
ployment products along with their 
management software. M erant (www 
.merant.com) sells prepackaged Oracle 
applications. Publishing to one or more 
Web servers is automatic and access 
controlled, so no one can fiddle with the 
finished product. 

SEEING THE BIG PICTURE 

The gigantic product lists from Mer- 
ant, Rational and Starbase reflect the 
overflowing toolbox that application 
developers carry today. These compa- 
nies offer large suites that integrate 
across platforms and databases, and 
they can support a programmer's plans 
to work with nearly every component 
sold or known. So a department may 

► continued on page 35 




Ed Felten, Princeton University 



So you are developing a computer-based 
analysis... 

Right, that takes a look at the docu- 
mentation of two components and 
whether they'll work together, how 
they'll work together, or whether they'll 
just blow up. 
What sparked the project? 
One: a long-term interest in software 
security. Two: observing the componen- 
tization and outsourcing of software 
development. It seems to us from the 
study of real security failures that com- 
ponent interactions were a big prob- 
lem. Giving the growing complexity of 
the components and the scarcity of 
time left to programmers to learn about 
them, we are asking, what can you do to 
get people out of the loop and also do a 
more comprehensive analysis? 
Why automate it? 
Part of the problem is that doing this 



analysis by hand is not a lot of fun. Peo- 
ple who have the talent to create this 
kind of software analysis and under- 
stand how it works generally don't 
enjoy it. If you can automate it and get 
it done for them, then you let these 
people go and do other [more interest- 
ing work]. 

What is necessary in this automated 
analysis? 

One of the things we're struggling 
with is discovering what kinds of gen- 
eral methodology you can use. We 
know that people with some experi- 
ence can get a picture of the system 
and can figure out what kinds of ques- 
tions to ask to help them home in on 
where the bugs and security problems 
may lie. Our task is to harness that 
intuition. 

What is one thing you've learned? 
We found that problems often arise 




when a component has 
quirky or unexpected 
behavior that seems 
strange to the develop- 
er that is analyzing it. So we've learned 
to look at a design and ask, what would 
we have done differently? If you find 
such a place, it tells you one of two 
things: Either you don't understand 
what the component developer is try- 
ing to do, which is a learning opportu- 
nity, or the person doing the design 
made a mistake. 

Where there is quirkiness or unex- 
pected behavior, that is a place where 
security flaws are likely to occur. Just 
stamping out quirkiness, even if it 
seems harmless, turns out to be a good 
strategy. These microflaws are ways for 
an attacker to get handholds and pull 
himself up the wall into the system. 

-Lisa Nadile 
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JMS API Lacks Security, Encryption 



BY LISA NADILE 

Now that message-oriented middleware 
companies are jumping on the J ava M es- 
sage Service API's bandwagon, program- 
mers should take a moment to consider 
the security implications of this new 
specification. The moment will be a 
short one, as even Sun M icrosystems 



Inc. states in its specification that the 
first version of the API lacks security and 
encryption, and that adding such fea- 
tures is left up to individual vendors. 

TheJMSAPI allows message-orient- 
ed middleware systems to communicate 
using Java objects. The specification 
allows the developer to choose between 



two messaging domains— publish and 
subscribe, in which a client sends a mes- 
sage to a topic that is received by all 
clients classified as a subscriber; and 
point-to-point, in which a client sends a 
message to a queue from which it is then 
passed to another client. 

So the convenience of J M S, a set of 
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open-messaging APIs giving developers 
new opportunities for exchanging data 
across middleware systems, does not 
free developers from the task of design- 
ing their systems securely. 

"Developers have to treat software 
security as risk management from the 
beginning," said Gary McGraw, vice 
president of corporate technology at 
Cigital Inc., which sells security tools 
for software developers. "Even the best 
developers and architects have little or 
no security experience, through no fault 
of their own. It's just lack of education," 
he explained. 

McGraw advises administrators to 
adhere to the principle of least privilege, 
doling out access to data and processes 
only as necessary. The key is always to 
minimize any window of vulnerability, 
he said. 

The management tools are plentiful. 
IBM Corp.'s M Q Series message-queu- 
ing software and BE A Systems Inc.'s 
WebLogic application server already 
have support added to their flagship 
servers. Progress Software Corp. and 
F iorano Software I nc. also provide sim- 
ilar tools for building and implement- 
ing a general security policy using their 
J M S servers. 

Fiorano's messaging server, Fiora- 
noMQ, uses realms to create a user 
authentication and authorization center. 
A realm is a security abstraction that con- 
sists of a collection of users that are con- 
trolled by the same authentication policy. 
This technology enables administrators 
to design a role for each employee, con- 
trolling that person's ability to access data 
and administration functions. 

Both products manage a user's ability 
to work with data using Access Control 
Lists. For example, Progress' SonicMQ 
has an admin tool for setting the way in 
which developers can work with mes- 
sages in topics or queues. The manager 
can establish who is allowed to publish 
or subscribe to a topic, or who can 
receive or send information from a 
queue. MOM systems offer support for 
third-party firewalls, or they include the 
actual firewalls themselves. 

The level of the encryption varies 
among products. F iorano supports 128- 
bit SSL security, while IBM, Progress 
and others add encryption in other 
areas. For example, SonicMQ gives 
administrators the option to encrypt the 
data in the body of a message queue-by- 
queue or topic-by-topic. A message is 
encrypted only once, regardless of the 
number of subscribers. 

Progressive's middleware also can 
add a digest to a message that carries an 
encrypted key. A mismatch when the 
message and the attached digest are 
compared would indicate tampering. 

In the end, security boils down to 
attention to detail. Laziness will come 
back to haunt developers if the data 
store isn't backed up, the user accounts 
aren't freshened, and log files and audit 
trails aren't monitored. I 
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E-mailing source 
code is akin to 
opening the 
vault, says Star- 
base's French. 



< continued from page 33 

not know which part of the elephant it 
is building, let alone if it is indeed 
building an elephant. 

With outsourcing and third-party 
component marketing, the reality is that 
a large number of developers who have 
no concept of what the final product is 
are writing the code for it. 

For success, programming architects 
must build their application system in 
their minds and educate their staff. No 
management tool can help a project that 
lacks a clear vision. Without one, the 
security of the project and the valuable 
assets created are endangered. 

"M any people forget to focus on what 
their software is supposed to do," said 
Ed Felten, director of 
Princeton University's 
secure Internet pro- 
gramming laboratory. 
Someone has to give 
everyone the big pic- 
ture, he said. 

"One of the fre- 
quent causes of security 
problems in big sys- 
tems is unexpected in- 
teractions among dif- 
ferent parts of the 
system. So if the indi- 
vidual different parts 
are more complex than they need to be, 
then you're raising the risk of that kind 
of bad interaction," Felten said. 

Not only does this mean security 
holes in the end product, but the time 
spent on the initial work and the pro- 
grammer's sanity are also endangered. 

"This is really about understanding 
the goal of what the system is and the 
goal of what each piece of the system is. 
As you go through the process, careful- 
ly monitor where you are [in your 
plan]," Felten said. 

Using content management and 
work-flow tools can help you track (or 
backtrack) as you go through the devel- 
opment process; goals and designs 
change, he said, and you want to make 
sure each piece of the system reflects 
these changes. 

Starbase's French said it's also impor- 
tant to have milestone reviews of where 
you stand, and of what your design is. 
These don't have to be huge and formal 
things, but it's useful to have them. H e 
said programmers' secure development 
tools should help them meet their 
checkpoints safely. "StarTeam [Star- 
base's collaborative management plat- 
form] allows developers to take a slice 
of the versioning and classify it as 'Build 
One,'" he said. 

RAISING WELL-BEHAVED COMPONENTS 

Deciding the level of checks and bal- 
ances in the quality and security of the 
software all depends on the history of 
the components you're working with, 
said Felten. Using pieces from third 



parties, integrating them with one or 
more applications and one or more 
components written in-house is a logis- 
tical nightmare. 

"Say one of the components that 
you're using may have functionality 
that you don't need and are not even 
using in your particular installation, 
and yet there may be some way for the 
system to somehow tickle that unused 
feature and to cause trouble. One 



cause is the mishmash of the assump- 
tions that the different components are 
making about how the rest of the sys- 
tem behaves," he said. 

"If there is some dangerous or erro- 
neous condition that the system should 
be checking, which programmer is 
responsible for checking for that? For 
example, sometimes the conditions that 
a piece of the program needs to be true 
for it to work aren't checked. C hecks can 



fall through the cracks," said Felten. 

Project managers have to take a 
global view. They have to drill down into 
the components to see what the actual 
behavior really is, and often they need 
to go beyond what the first-level docu- 
mentation is. According to Felten, re- 
search is an extremely important area, 
not only from a task-management 
standpoint, but also from a user-authen- 
tication standpoint. I 
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EDITORIALS 

Free Fall 

This week, as this newspaper is put to bed, the N asdaq 
stock market closed below 2,000 for the first time in 
more than two years. Remember the headlines when the 
N asdaq broke 5,000? It's hard to believe that only a year 
ago, the technology world was euphoric over an exploding 
market, and forecasters proclaimed the dawning of a 
"new economy" that would expand forever. 

Those forecasters, with their "buy" and "strong buy" 
ratings for dot-coms whose business plans contained the 
words "IPO" more often than they contained the word 
"revenue," were wrong. They were wrong in April 2000, 
when the N asdaq dipped below 4,000. They were wrong 
in November 2000, when the market fell below 3,000. 
And they were wrong in M arch 2001, when the numbers 
went south of 2,000. H as the market hit bottom? We hope 
so, but we hoped so last N ovember, too. 

What to do now? First, stop watching the ticker. The 
financial news isn't going to be good anytime soon— so let 
your corporate executive team worry about your stock 
price, or the stock price of your customers and suppliers. 

Next, look for places to improve efficiency. When 
the market recovers, the winners will be those compa- 
nies who can deliver products and services in a much 
more transparent world. Thanks to XM L and Web ser- 
vices, businesses and consumers alike will expect their 
suppliers to be better connected, fully integrated and 
highly accessible. 

Take advantage of the downturn's calm to assess your 
existing information systems, to see where they can be 
streamlined and polished, and where standards- based 
interfaces can be installed to handle the next wave of 
innovation. Retool, don't replace. View the budget- 
crunched times ahead as an opportunity to incrementally 
improve, to refactor, to test, to plan. 

That's a more productive use of time than wishing 
you'd liquidated your portfolio 13 months ago. 



Secret M essages 



Thanks to the miracle of modern middleware and the 
family of interlocked XM L specifications, messages 
are now whizzing around your corporate LAN between 
databases and application servers, between message 
servers and app servers, and between app servers and 
Web servers. M any of those messages are in plain text. 
Who is reading them? And is anybody spoofing them? 

As hackers learned by studying the I E TF 's e-mail stan- 
dards, it's not difficult to mimic a user's e-mail headers 
and I P address. H ow difficult is it going to be to slip false 
messages into a fully distributed environment that 
encompasses disparate and closed systems linked via the 
I nternet, as well as legacy systems on corporate networks? 
N obody knows, but it's a sure bet that programmers and 
computer scientists— both black hats and white hats— are 
working on the problem. 

There are risks inherent in a message- passing distrib- 
uted computing environment, and whether one is talking 
J M S or M SM Q, being "fully standards compliant" is no 
protection against hostile elements seeking to disrupt or 
corrupt your middleware. U nless vendors can present you 
with a bulletproof scheme, be sure that middleware secu- 
rity is factored into your development and testing process. 
And remember, trust nobody. I 



GUEST VIEW 

SNEAKING IN PEER TO PEER 



These days, just about every 
software company with staff 
to spare is pulling together a 
peer-to-peer product. No one 
knows for sure how many com- 
panies are claiming their piece of 
the P-to-P turf, but it's safe to say 
that more than 100 have already 
jumped into the game. 

About half of them, 
by our estimate, are 
rolling out new file-shar- 
ing technologies, anoth- 
er quarter are going for 
groupware plays, per- 
haps 10 percent to 15 
percent are staking out 
content management, 
and the rest are spread 
across a variety of functionalities. 
No one's sure which approach 
will work and which will get in 
the IT department's door first. 

Though they're loathe to 
admit it, many P-to-P vendors 
are making the assumption that 
IT managers are ready to adopt 
this new technology today, based 
mostly on the "cool" factor. Few 
have defined well enough which 
pressing business problems 
aren't being addressed by cur- 
rent technology, and why P-to-P 
can do the job better. 

We don't think traditional 
vendor channels will be enough 
to carry P-to-P over the barrier 
during the next sixto 12 months. 
While companies may buy soft- 
ware with P-to-P components 
included, we don't think they're 
going to pick up enterprise-level 
software and run with it on their 
own, particularly given the cur- 
rent lack of standards for secure 
peer-to-peer connections. 

Besides, P-to-P's potential for 
facilitating sharing that isn't easi- 
ly absorbed into existing work 
flow is a bit threatening for cor- 
porate bureaucracies. At its phil- 
osophical roots, P-to-P is a 
method for organizing chaotic 
activity, and who wants to con- 
fess to supporting anarchy? 

Still, there is a way that the 
software vendors can get some 
traction with full-featured, inno- 
vative enterprise P-to-P, and the 
IT manager can test out the 
technology— through what we'd 
call a "stealth adoption." P-to-P 
is more likely to slide in the door 
through quiet, unofficial use by 
individual users and workgroups, 
with trusted forms of filesharing, 
collaboration, content manage- 
ment and so on becoming de fac- 
to standards long before the Big 
Cheeses decide to buy. 




ANNE 
ZIEGER 



little 



Those following Linux can 
already see this phenomenon 
at work. Sure, Linux enterprise 
adoption is growing dramatically, 
and the numbers that studies 
measure come from the "legiti- 
mate" adoption through stan- 
dard IT channels. 

But penguinheads 
will tell you that the 
more compelling Linux 
progress is happening 
at the grass-roots level, 
quietly and without 
much institutional invol- 
vement. As moles drop 
in Linux under a depart- 
mental intranet here or 
a Web server there, 
by little, companies are 
joining the revolution without 
firing a shot. 

When it comes to P-to-P, 
there are at least three categories 
of applications that work with a 
stealth approach. For one thing, 
IT departments can choose to 
turn a blind eye when employees 
begin to experiment with legiti- 
mate lightweight file-sharing 
systems on the desktop. We're 
not suggesting that they let N ap- 
ster eat their bandwidth, but 
rather that enterprise-oriented 
file-sharing clients like that 
developed by BadBlue (www 
.badblue.com) be given a place. 
Another stealth option is P-to- 
P community software, such as 
the free interaction tool offered 
by Hotline Communications Ltd. 
(www.bigredh.com). On the 
whole, these technologies are no 
more intrusive than the average 
threaded discussion, but they 
offer more options. Dropping in 
a link to such a P-to-P tool to a 
Web site— which offers a wealth 
of person-to-person tools— is an 
inconspicuous way to boost your 



users' P-to-P communication 
habits without taking a big risk. 

Still another way we see P- 
to-P sliding into enterprises is 
through the use of external dis- 
tributed computing networks. 

We think IT managers will 
quietly begin to rent a few clock 
cycles out of house within the 
next few months, long before 
they might have otherwise been 
able to give this technology a try. 
C utting a deal to test out distrib- 
uted computing networks is 
nowhere near as disruptive as 
trying to drop new software onto 
a score of your desktops. 

Vendors such as Parabon 
Computation I nc. (www.parabon 
.com) have set themselves up as 
vendors of distributed comput- 
ing on demand, and their num- 
bers are likely to increase. 

Overall, we are by no means 
suggesting that larger P-to-P 
apps and proprietary technology 
are doomed from the outset. 
Ultimately, we believe that a 
large number of enterprises will 
warm up to the more complicat- 
ed apps, especially once they 
share a common security lan- 
guage and perform a well-known 
set of corporate functions. 

In the meantime, though, 
companies have a chance to 
learn a great deal about the log- 
ic of P-to-P in their enterprises, 
even if the learning isn't done in 
a formal testing environment. 

And that isn't necessarily a 
bad thing; after all, if people 
like an app enough to sneak it 
in the back door, it probably 
deserves support. I 

Anne Zieger is principal ana- 
lyst at Peer to Peer Central 
Reach her at azieger@peer 
topeercentral. com. 



Shannon's Legacy: 



BY LARRY O'BRIEN 

Claude Shannon, who as much 
as anyone deserves to be called 
the Father of the Information 
Age, died F eb. 24 at the age of 
84. Shannon's 1948 paper, "A 
Mathematical Theory of Com- 
munication," can be reduced to 
the sound bite of introducing 
the word "bit," a word as funda- 
mental as "atom." Princeton 
physicist John Wheeler has 
gone so far as to say that "every 
it— every particle, every field of 
force, even the space-time con- 
tinuum itself— derives its func- 



tion, its meaning, its very exis- 
tence entirely— even if in some 
contexts indirectly— from the 
apparatus-elicited answers to 
yes-or-no questions, binary 
choices, hits." 

Reducing the paper to a 
sound bite (compression of sig- 
nals is another subject intro- 
duced in the paper that has 
deep physical implications) does 
it an injustice. You need look no 
further than the proliferation of 
unscalable point-to-point archi- 
tectures to see that the world is 
filled with people who don't 
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LETTERS TO THE EDITOR 

OPEN SOURCE STILL MATTERS 



I disagree with some of the con- 
clusions J. D. Hildebrand draws 
in "Does Open Source Still Mat- 
ter" (March 1, page 27). But 
then again, I would, given my 
position: I have been the co- 
leader and developer of a very 
large open-source project (Sam- 
ba, the Windows file and print 
server that runs on U nix) for sev- 
en years, and have some idea 
about how this model works. 

He is correct in saying that 
the venture capitalists and peo- 
ple looking to make a quick 
buck have gone, but that's no 
bad thing. The real strength of 
open source is that it doesn't 
depend on these people; it just 
quietly and slowly goes about 
making the software better for 
the people who want to use it. 

J .D . also contends that 
open-source software develop- 
ment is no better than propri- 
etary work, and isjustasslowat 
delivering product. 

It's true that many high-pro- 
file open-source projects don't 
get released as quickly as people 
hope. I 'm as guilty of that as any 
other developer. The difference 
is that the idea of a fixed sched- 
ule doesn't really apply here. 

Yes, I know that business 
people need schedules to plan, 
but the reality of software 
development is that it doesn't 
work that way; it never has. The 
illusion that it does work that 
way is maintained by propri- 
etary companies that will ship 
on a given date, no matter what 
the state of the software and 
how many bugs it has. 

I worked for many years in 
proprietary software develop- 
ment and have seen internal 
practices (static arrays, buffer 
overruns) that would make any 



open-source developer give up 
in shame. We simply don't have 
the privacy to create software as 
bad as that. 

I liken the difference be- 
tween proprietary software and 
open source to the difference 
between alchemy and science. 
Back in the 17th and 18th cen- 
turies, alchemists were really 
researching chemistry and 
physics but didn't know it. They 
didn't share results, they didn't 
consistently apply the knowl- 
edge gained, with the result 
that they were isolated individ- 
uals. The scientific method 
changed all that and caused the 
rapid development in technolo- 
gy we enjoy today. 

I see the state of software 
development as being similar to 
that early competition between 
alchemy (closed-source devel- 
opment) and science. Eventual- 
ly the scientific method will win 
out, as the benefits become 
inevitable. 

I've done both closed- and 
open-source development, and 
I know which produces more 
robust and reliable software. 
And they both take the same 
time to make. Which would 
you prefer? 

Jeremy Allison 

Samba Team 

J .D . H ildebrand is correct in his 
statements regarding the true 
benefit of open-source software. 
Indeed it is about customers 
regaining control over their own 
destiny. I think that going for- 
ward, this is going to be even 
more important than the fact 
that the software is "free." 

The model of returned con- 
trol has the net benefit of really 
affecting business models in a 



The Bit 

understand fundamental capac- 
ity calculations, much less how 
Shannon's entropy equations 
directly relate to point-to-point 
search strategies. The media 
industries could save a lot of 
money in their search for intel- 
lectual property protection 
schemes by taking to heart 
Shannon's observation: "If the 
channel is noisy, it is not in gen- 
eral possible to reconstruct the 
original message or the trans- 
mitted Signal with certainty by 
any operation on the received 
signal E." I n other words, if you 



can play it, you can rip it. 

The paper (which you can 
read at http://cm. bell-labs 
.com/cm/ms/what/shannonday 
/shannonl948.pdf) is a treasure 
trove of practical knowledge for 
Internet engineers to this day. 
And it's only right to acknowl- 
edge the passing of one of the 
giants upon whose shoulders 
we stand in our day-to-day 
struggle to keep our Web ser- 
vices up and running, our e- 
mail inboxesfrom overflowing, 
and our cell phones from going 
off in movie theaters. I 

Larry O'Brien is a regular col- 
umnist for SD Times. 



positive way. For instance, 
should a company wish to move 
from one vendor to another, they 
are not penalized because they 
must reinvest in software costs. 
What should not be overlooked, 
however, is that they can and 
should continue to pay for con- 
sultative services that help to 
meld both business practices and 
technology together (meaning 
that both the business process 
and the technology must merge 
together to have good cohesion, 
thereby making a particular 
implementation successful). 

It is great finally to hear 
someone with a good voice in the 
area of IT make this statement. 

Michael Hay 

Palladium Solutions Inc. 

J.D. Hildebrand said that "You'll 
never get anyone to admit it, but 
the truth is that a high percent- 
age—perhaps half— of all open- 
source projects were started 
simply because open source 
was fashionable." 

They would not admit it, 
because it is false. M ost open- 
source projects (of any value) 
started long before it was fash- 
ionable. Linux, Apache, Send- 
mail, Perl, etc., have been 
around for years. He may be 
talking about commercial com- 
panies that have started open- 
source projects in the last year, 
but that is hardly even 5 per- 
cent of what is being done (see 
freshmeat.net). The fact is that 
75 percent to 90 percent of 
open-source projects are start- 
ed by developers because they 
could not afford existing solu- 
tions, or had issues with how 
they were done. Only a small 
portion of what the open- 
source community does is 
because it's fashionable. 

H e also said that many com- 
panies and projects were op- 
portunistically launched as 
open-source trial balloons with- 
out much thought about return 
on investment. I agree, and this 
does seem to indicate that he is 
not talking about the open- 
source/free software communi- 
ty. The problem is his lack of 
making any clear distinction, 
and leads many to think he is 
talking about both. If he is talk- 
ing about both, he needs to 
realize that the open-source 
community starts projects 
based on need, not based on 
finger-in-the-wind projections. 

J.D. said that the justifica- 
tion for moving to open source 
never made much sense, 
because the purchase price of 
the operating system is a small 



part of the overall cost of an 
enterprise data system. It's true 
that the greatest cost is indeed 
in maintenance and training. 

But I disagree that moving 
to open source doesn't make 
much sense. On the server side, 
it has been my experience that 
the total cost of ownership has 
dropped significantly since we 
moved to Linux at the server. 
D owntime has plummeted, and 
the remote admin abilities of 
Linux have cut down the need 
to have full-time staff at remote 
sites. We have also found that 
building redundant servers is 
easier and cheaper, and gives us 
the much needed uptimes we 
have been experiencing. 

H e said that although open- 
source software may indeed save 
a little bit of money, the savings 
aren't sufficient to justify the dis- 
ruption and cost of changing. 

This is the same argument 
that IBM used to make about 
moving to PCs. As you are prob- 
ably aware, the benefits were not 
immediately "in your face," but 
the net gain is immeasurable. 
One of the hidden advantages to 
moving to open source, for our 
company, is that the IT staff is 
more excited. Plus, all the team 
is now learning to program, and 
is now better able to step in and 
consult our development teams 
on how to better write apps that 
must live on our network. Simply 

► continued on page 45 

Letters to SD Times must include the 
writer's name, company affiliation and 
contact information. Letters may be 
edited and become the property of BZ 
Media. Send to letters@bzmedia.com, 
or fax to 516-922-1822. Please mark all 
correspondence as Letters to the Editor. 

CORRECTIONS 

Jon Radoff is chief technology 
officer at E prise Corp. H is title 
was incorrectly reported in a 
March 1 article ("XML: Tread 
With Caution," page 23). 

Sleepycat Software Inc. is 
making version 3.2 of its Berke- 
ley DB database available at 
www.sleepycat.com. The Web 
address was incorrectly report- 
ed in News Briefs in the March 
1 edition (page 5). 

Starbase Corp. is launching a 
home-grown peer-to-peer collab- 
oration solution. A headline on 
page 7 of the M arch 15 edition 
incorrectly indicated that the 
solution was being eliminated. 

The price of Upspring Soft- 
ware Inc.'s M agnify for Quality 
Service is $50,000. 1 1 was incor- 
rectly reported in the M arch 15 
edition. ("Forget Testing, Pre- 
vent Defects" page 25). 
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ALLAIRE'S PRACTICAL J2EE 



As we have discussed in previous 
columns, the market for Java 
application servers based on J2EE is 
starting to fracture into distinct seg- 
ments. Sitting at the top of the heap is 
the 800-pound gorilla, BE A Systems 
I nc.'s WebLogic. There used to be two 
big gorillas— the other being IBM 
Corp.'s WebSphere— but there is so 
much air space now between IBM and 
BE A that WebSphere can be described 
only as one of the pack. 

The rest of that pack is trying to find 
unique niches to fill in a desperate effort 
at differentiation. Persistence Software 
I nc, for example, has chosen the path of 
high performance enabled by its use of 
unique caching mechanisms. Other 
J 2E E vendors, such as U nify C orp. and 
H ewlett-Packard Corp.'s Bluestone sub- 
sidiary, are still formulating their unique 
value proposition. 

OneJ2EE vendor that has differen- 
tiated itself particularly well is Allaire 
Corp., whose Java application server, 
J Run, is now in its third release. J Run 
3.0's unique proposition is practical, 
easy-to-use J 2EE. Allaire, whose flag- 
ship product line consists of advanced, 
easy-to-use Web development tools, 



applied its core talents to designing an 
implementation of J2EE that you can 
load and go. (Old-timers will recall the 
phrase load-and-go from the early days 
of computing. They are also likely to 
rue how rarely this phrase comes up in 
computing anymore, most especially in 
the context of enterprise software.) 

I recently had cause to install a J Run 
3.0 on a Web server running 
Apache. Installation consisted 
of stepping through a thought- 
fully designed wizard, answer- 
ing some questions that were 
thoroughly explained in the 
installation manual, accepting a 
few defaults, pointing it at the 
Apache server and hitting 
"Enter." Literally 10 minutes 
later, I was running JSP on the Web serv- 
er. I was impressed. N o other J ava server 
has done this so elegantly or so easily. 

The admin console is also remark- 
ably elegant. Rather than confronting 
you with the common barrage of a 
hundred esoteric parameters that 
you're not likely to want to touch 
much, the J Run console is tabbed by 
feature set in an easy-to- navigate for- 
mat. All choices have extensive help 
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facilities to explain exactly what you 
are changing and what the considera- 
tions should be. 

I n addition to the online help, J Run 
has numerous manuals in PD F format, 
and access to the Allaire Web site's 
knowledge— all directly from the 
admin console. Consistent with this is 
the accessible, informative and plenti- 
ful printed documentation that comes 
with J Run. It made me hanker for the 
old days— when you'd get a stack of 
modules, go sit in a chair for an 
hour or two and read through all 
the various things the software 
was capable of. It's a pleasure 
real techies can never forget, no 
matter how much paper is 
eschewed by today's vendors. 

Because] Run is designed for 
ease of use should not suggest 
that it is limited or for beginners 
only. J Run scales to four-processor 
servers, can perform connection pool- 
ing and has add-ons that allow it to be 
run on clustered servers (complete 
with load-balancing features). The 
product has a full implementation of 
some aspects of J 2E E that are normal- 
ly neglected, such as a fully operational 
server for the Java Message Service 
and instructions on how to use J Run as 
your messaging server. There is no 



doubt in my mind that Allaire got it 
right with J Run. Developers can down- 
load a free version that is complete and 
not time-locked from Allaire's Web 
site. The product is limited to three 
simultaneous connections, but in all 
other aspects is identical to the full 
J Run server. 

A separate add-on is J Run Studio, 
which is an advanced development 
environment built on the same tech- 
nology as Allaire's HomeSite HTML/ 
Cold Fusion Markup Language 
(C F M L ) I D E . Since Allaire started out 
as a tool company, Studio is a manifest- 
ly good product. 

The quality of the tools brings me to 
the one concern I have about the prod- 
uct: its future. Allaire is on the brink of 
finalizing its acquisition by Macrome- 
dia Inc., the marquee name in Web 
development tools. The acquisition 
itself makes a lot of sense. Users of 
Macromedia's Flash, Dreamweaver 
and Freehand products often use 
Allaire's tools as well. However, will a 
tool company continue to develop and 
advance the first really practical J2EE 
server on the market? Time will tell. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works LLC. Reach him 
at abinstock@pacificdataworks. com. 



CIGAR SMOKE AND CDs 



Tony Soprano is back on TV, still 
puffing a stogie and maneuvering 
through gangland and family stress. 
This, even after all the setbacks that 
were dropped on his pear-shaped 
shoulders last season. 

Strangely, a few months into 2001, 1 
have been getting a similar vibe from 
Microsoft Corp. While the robber 
barons of Redmond had a tough year 
in 2000, it doesn't seem to have 
slowed them down very much, judging 
by the spate of product and beta re- 
leases spewing forth from the Mi- 
crosoft campus. 

To recap, these releases run from 
the minor to the major, beginning with 
Service Pack 5 (SP5) for Visual Studio 
6.0. Again, that's a service pack for 
Visual Studio 6, not some kind of early 
upgrade to Visual Studio.NET. SP5 
includes all fixes from SP1 to SP4 and 
also has new bug fixes for C++ 6.0, 
FoxPro, Visual J++ and more— all 
available at http://msdn.microsoft.com 
/vstudio/sp/vs6sp5/default.asp. 

Microsoft's marketing cheerleaders 
tout this as a sign that the company will 
live up to its promise of supporting 
older product platforms even after the 
release of new lines, but let's face it: 
This early in a game that's not going as 
smoothly as it expected, M icrosoft real- 
ly doesn't have a choice. 

Somewhat more enticing is the 



recent release of XM L for Analysis. 
This toolkit, which Redmond is billing 
as an extension of its OLEDB for 
OLAP and OLEDB for Data M ining, 
is a start along Microsoft's intended 
path to provide XM L -based integration 
of analytical databases across multiple 
application layers. That just means 
that your data warehouse can now live 
in more than one back-office dump 
site without your applications 
needing a road map. 

Redmond designed XML 
for Analysis to use not merely 
generic XML and HTTP, but 
the specific combination of 
these two as SOAP. Admittedly, 
that's a mixed bag. Technically, 
SOAP is an open standard, but 
in reality Microsoft's BizTalk 
Server is the only back-office platform 
really using it. 

On the other hand, there are more 
SOAP developments on the way from 
third parties, and XML for Analysis 
does give a foreshadowing of .NET 
coolness by allowing the movement of 
data to applications written in C++, 
Java, Visual Basic and even C#. If it 
works as advertised, this could be a 
truly big step in Microsoft's quest to 
push SQL Server 2000 and Windows 
2000 forward as high-end database 
platforms. But that's still not all that 
M icrosoft has recently put forth. 
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Along with its news of the impend- 
ing Windows XP platform, Redmond 
has expanded the beta preview pro- 
gram of its Office XP package, previ- 
ously known to some as Office 10. 
According to Redmond, there are 
more than 500,000 users of Office XP 
in the works right now. You've got to 
wonder what the "end task to full 
reboot" ratio is there. 

But though I may scoff for the 
cheap laugh, Office XP does have 
potential in that it's supposed to not 
only increase its never-ending 
feature set but also better 
integrate network and local 
information sources. It's also 
supposed to improve Web col- 
laboration, especially Web- 
based annotation and e-mail. 
Sounds good, but I've got two 
gripes with this package. 
First, the new applications 
have again been dubbed for their 
release year, meaning we'll soon be 
using Word 2002, Excel 2002 and so 
on. Guys, Word 2000 has a ring to it. 
Word 2002 doesn't. M y other problem 
is the rumored 10 CDs' worth of beta 
applications. When is enough really 
enough? The Office suite today con- 
tains more features than anyone can 
reasonably use. Pretty soon we'll need 
a streamlined Office Baseline for those 
of us who just want to get work done 
instead of poring over thick tomes 
of Office feature arcana. 

But is that all for Redmond? Nope. 



You can also find a full release of Back- 
Office Server 2000 as well as a beta 
of the Windows 2000 Server Appliance 
Kit, neither of which we'll talk about 
here because they interest mostly 
network managers and hardware devel- 
opers, respectively. Instead, let's talk 
about perception versus reality. Mi- 
crosoft was perceived to be on the 
ropes last year, but it clearly hasn't 
slowed down in the slightest on the 
development front. 

And while M icrosoft was perceived 
as having taken a hit on its core operat- 
ing-system product line due to the 
introduction of Windows 2000 and the 
popularity of Linux, that isn't reality 
either. According to IDC, Redmond 
is actually doing extremely well on the 
operating-system front, not only in- 
creasing its server operating-system 
shipments, but increasing them at a 
rate significantly faster than the market 
in general— 20 percent in 2000, to be 
precise, compared with a general mar- 
ket rate of only 13 percent. Only Linux 
experienced a similar growth rate, 
and it still has a ways to go to catch 
Redmond's market share. 

Are you getting the picture? The 
strong are still strong. The FBI may 
think it's got Tony, and Linux may think 
it's mauling Windows, but it's really just 
business as usual. I 

Oliver Rist is vice president of product 
development for rCASH in the REALM. 
Reach him at orist@mindspring.com. 
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NON-OPTIMAL XSLT 



I'm a big fan of XSLT, the XM L transfor- 
mation language that neatly separates 
the implementations of the Web inter- 
face from the back-end system. 

The idea of XSLT is that the user's 
browser will download both the content- 
bearing XML and the presentation- 
bearing XSL stylesheet and do all the 
complex pattern-matching and restruc- 
turing that is necessary to turn out a 
great-looking Web page. 

Unfortunately because XSL-support- 
ing browsers are still not ubiquitous, the 
practical implementation of an XSLT- 
based site requires server-side transfor- 
mation of XML and XSL into HTML. 
Furthering the misfortune, the perfor- 
mance of server-side XSL transformations 
is getting a dubious representation. 

Colleagues Joe Dean, who had some 
"troublesome" XSL from a poorly per- 
forming site, Ken Bannister, architect of 
an XSL -based educational portal, and I 
thought it would be valuable to bench- 
mark various styles of XSL transformation 
across different XM L parsers and XSL 
transformers. Specifically, we wanted to 
compare the performance of procedural 
stylesheets (which emphasized xskfor- 
each constructs) against declarative style- 
sheets (which emphasized xsl:apply-tem- 
plates). We guessed that one way would 
be significantly faster than the other. 



The first thing we discovered was that, 
for all the "virtual office" Web sites and 
even distributed point-to-point group- 
ware, nothing beats an .htaccess-protect- 
ed Web directory and e-mail. In retro- 
spect, I was surprised that we didn't use 
instant messaging more— while I'm not 
impressed by instant messaging for point- 
to-point business conversations, it does 
work well for conference calls, especially 
when everyone in the conversa- 
tion has programmer-level typing 
skills! I began experimenting with 
a shareware screen-movie pro- 
gram (Hypercam from Hyperi- 
onics.com) to compare some of 
the tools available, but found it a 
little underpowered for use in 
real-time capture of the "flow" of 
using an application. In the end, 
text, HTML and GIFs were sufficient for 
us to rapidly share information. 

After Joe provided an overview of the 
worst-performing stylesheets, we stripped 
the XM L of any identifying data and ran 
the stylesheets on our separate machines. 
This was the first confounding task: Not 
only did we all have notably different per- 
formances, but in isolation, the XSL trans- 
form times were acceptable— never more 
than several hundred milliseconds. Sure, 
from a programmer's standpoint, that's a 
long time to transform a data structure, 
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but as part of a Web service, it's accept- 
able, especially assuming that the server 
architecture provided for caching the 
results of the XSL transformation. 

Such an assumption might be prema- 
ture: I don't believe that any major Web 
server software has built-in support for 
server-side XSLT. Instead, one typically 
uses servlets or CG I to activate an XSLT 
delivery framework, such as Cocoon 
(from http://xml.apache.org). While 
there's nothing wrong with that in theo- 
ry, performance problems on large Web 
sites often stem as much from 
the slew of disparate products, 
each with its own caching and 
scaling strategy, as from the 
actual volume of data being 
delivered. This is not to point 
the finger at Cocoon, but to 
make the general point that a 
Web site's architecture should 
be as simple as possible but no 
simpler, as E instein once said. 

We used XSLTMark (www.datapower 
.com/XSLTM ark) as a timing framework, 
and we quickly found our second con- 
founding issue: The performance of the 
Java-based XSLT transformation engines 
seems largely determined by the underly- 
ing virtual machine. When Ken switched 
our Linux investigation from Sun's VM to 
the Blackdown VM , he saw an increase by 
a factor of 7! On Win32, switching be- 
tween the classic and Hotspot VMs 
showed me a fourfold difference in speed. 



It was clear that we had made the classic 
mistake of theorizing about performance 
without checking a profiler. 

We used Sitraka's J Probe profiler, 
which showed that memory management 
with the older virtual machines consumed 
a shocking amount of time, dominating 
the overall performance of the program. 
Tracing our way into the profiles, we 
found the actual amount of time con- 
sumed by the two types of XSL trans- 
forms was both minimal (about 7 percent 
of the total time) and almost identical 
between the two styles. This was far too 
small a hook on which to hang a definitive 
investigation of XSLT style, and we reluc- 
tantly put the project on the back burner. 

Of course, there's no such thing as a 
failed experiment, and we did manage to 
unearth some solid advice for server- 
side XSL architects: Use a C-based 
transform engine if possible, and if not, 
be sure to run your J ava- based engine on 
a newer virtual machine. Examine the 
interactions of all the pieces of your 
server-side architecture and see if those 
interactions might be causing overall 
performance slowdowns. And as far as 
XSLT style goes, both declarative and 
procedural are just fine. I 

Larry O'Brien, the founding editor of 
Software Development Magazine, is a 
software engineering consultant based 
in San Francisco. Reach him at 
lohrien@ email, com. 



PROVING OPEN SOURCE STILL MATTERS 



I am still reeling from the response to 
my March 1 column, "Does Open 
Source Still M atter?" (page 27). 

I n that column, I ticked off a handful 
of obvious and well-known reasons that 
companies and IT managers have used 
as justification for launching or joining 
open-source projects, and dismissed 
each as insufficient to compel a move to 
open source. 

I concluded by identifying the one 
key benefit that makes open source a 
superior, essential choice for individuals 
and corporations: control. When you 
choose open source, you retain control 
of the essential software functions that 
your business relies upon. No vendor 
can tell you when to upgrade. N o vendor 
can shut you down by failing to fix bugs 
or security holes. No vendor can lock 
you into a strategic direction that has 
everything to do with the vendor's well- 
being and nothing to do with yours. If 
you have the code, you have the power 
to protect yourself and make your own 
decisions. Given an open-source alterna- 
tive, why would anyone choose closed- 
source proprietary software? 

To put it plainly: The free-as-in-beer 
benefits of open-source software are not 
the important benefits. It's the free-as- 
in-speech benefits— the freedom to cor- 
rect the software and adapt it to your 
needs— that make open source essential. 



I received more than 100 responses 
to the column, thanks in large part to the 
online news-digest site Linux Today, 
which highlighted my article with an 
out-of-context extract that made it look 
as if I thought the entire open-source 
movement was hooey. 

M y inbox contained the usual accusa- 
tions: I am bought and paid for 
by M icrosoft's marketing depart- 
ment. I am part of a vast closed- 
source conspiracy. I am dedicat- 
ed to spreading FUD. My 
parents— well, let's just say that 
certain members of the open- 
source community feel free to 
use colorful language and ad 
hominem arguments about peo- 
ple they don't know whenever they feel 
misrepresented in the press. 

SUBSTANTIVE RESPONSES 

The most thoughtful responses came to 
my assertion that using open-source 
software— Linux, for example— doesn't 
really save a person or company much 
money. I n M arch, I said, "I n retrospect, 
this justification for moving to open 
source never made much sense. The 
purchase price of the operating system 
must be the smallest part of the overall 
cost of installing and operating an enter- 
prise data system, dwarfed by training 
costs, support costs, the cost of change 
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and other factors. Every analyst has 
a proprietary total-cost-of-ownership 
model, and everyone's equation is slight- 
ly different. But they all show that the 
low cost of acquiring free software is not 
a significant benefit when amortized 
over the lifetime costs of the system." 

Some readers angrily responded as if 
I had written that Linux has a higher 
total cost of ownership than Windows. I 
never said that; instead, I simply pointed 
out that the purchase price of an 
operating system is a small part 
oftheTCO. 

A couple dozen thoughtful, 
articulate readers made a con- 
trary assertion. Linux, they told 
me, has a much lower TCO than 
Windows. Linux is more stable, 
so it requires fewer staff-hours 
to keep it up and running. It 
doesn't subject users to too-frequent up- 
grades, because Linux isn't produced by a 
corporation that needs a continuous 
stream of upgrade revenue to survive. 
Linux boxes typically run multiple jobs on 
a network, so you need fewer servers than 
you would need if your operation were 
based on Windows. Linux users tend to 
use free productivity applications, so the 
reduced cost of that software must be fac- 
tored into it. And on and on. 

I believe these readers were faithful- 
ly reporting their own experiences. But 
ultimately, they haven't proved anything 
about TCO. 

In fact, there is evidence to support 



the notion that Windows-based systems 
enjoy a lower TCO. User, administrator 
and developer training are plentiful and 
cheap for Windows. Device support is 
much better, so Windows users have a 
wider range of hardware and peripherals 
from which to choose. Initial setup is 
simpler and less expensive. All of these 
factors, and dozens more I haven't 
thought of, could make an investment in 
Windows more cost-effective than an 
investment in Linux. 

(Note to flamers: I haven't said Win- 
dows is the better choice. There's still 
the issue of control, which you cannot 
have with Windows at any price.) 

WHAT THE LINUX COMMUNITY NEEDS 

All of this points out the need for a com- 
prehensive, credible, longitudinal study 
of the real cost of running a business 
with open-source versus closed-source 
proprietary software. 

Such a study can be funded by the 
open-source community, but it must be 
conducted by a third-party research firm. 
And the open-source community must 
commit now, before seeing the results, to 
publishing in full the analysts' findings. 

We've all heard Linux zealots claim 
total-cost-of-ownership advantages. Now 
it is time for them to put up or shut up. I 

J.D. Hildebrand is the former editor of 
such publications as Computer Lan- 
guage, Unix Review and Windows Tech 
Journal. Reach him at jdh@sdtimes.com. 



Meet the Java Developer's Boss 



A few years ago he thought Java was just another 
language craze, the next phase in the battle be- 
tween Microsoft and Sun. But last year he seeded 
a few development teams with Java 1.1. Not only did 
the developers find the C++- like language easier to 
work with, but the apps proved to be stable and port- 
able once JVM compatibility issues were worked out. 
Besides, the CIO has made it imperative that all of 
the company's legacy apps be Web-enabled and that 
means across different platforms too. Maybe Java is 
more than just the latest Silicon Valley buzzword. 

He's been studying Sun's new J2EE release with some 
excitement. Now he's ready to let one of his develop- 
ment teams use J2EE and Enterprise JavaBeans to 
create a CRM system - deployed across the Web, of 
course. One of his biggest challenges won't be technical: 
corralling the Java programmers, who until now have 



had complete freedom to choose their own favorite 
tools and libraries, into adopting company standards. 
Not only do standards mean better consistency during 
the development process, but also volume discounts, 
better tech support, and more effective training. 
That's why he now insists on signing off personally 
on any new Java purchases. 

The Java journals? No thanks. The last thing he needs 
is programming tips, hunks of code, and blind, self- 
serving enthusiasm. He needs a wide-angle view of 
the entire spectrum of application and software 
development tools and he needs a rational, balanced 
outlook on future Java developments and how they 
fit into the enterprise. He needs to know the trends, 
the products, the alliances, the NEWS, and what it all 
means. That's why he reads SD Times. 
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AFFECTING USE CASES 



Use cases have been a staple of the 
object-oriented analysis and design 
world since the 1980s, when I var Jacob- 
son took a concept he developed in the 
1960s and applied it to the general re- 
quirements-gathering process. More re- 
cently, use cases were incorporated into 
theUM L spec, with lots of stick figures to 
show who is doing what to whom. 

That's both good and bad, according 
to Alistair Cockburn. H e's glad that man- 
agement understands the value of use 
cases— after all, he makes part of his liv- 
ing teaching seminars on effective use- 
case writing. But it's bad, because the 
U M L treats use cases in a graphical man- 
ner, whereas he asserts that use cases 
are primarily a text-based construct, 
designed to tell a simple story in words, 
not in pictures. The U M L's use-case stick 
figures, circles and ellipses should evolve 
out of text-based use-case descriptions, 
he says, not the other way around. 

To that end, Cockburn wrote "Writ- 
ing Effective Use Cases," to serve both 
as a stand-alone resource and as the 
tutorial for his two-day use-case semi- 
nars. I can't attest to its value as a text or 
to his skills as a teacher, but he's certain- 
ly done a fine job of explaining how use 
cases can define the scope of a project, 
capture the actions and interests of all 
parties, and then present functional 



requirements to the programmers. 

Cockburn uses several visual analogies 
to help describe his concept of a proper 
use case, and of different hierarchies of 
use cases. Sometimes he uses too many 
classification schemes, and they 
get in the way of clarity. In the 
introduction of the book, he 
labels very high-level summaries 
with a little cloud diagram, sum- 
maries with a kite, user-level 
goals with squiggly lines meant to 
represent sea level, a sub-func- 
tion with a fish, and a too-gran- 
ular function with a bottom- 
dwelling clam. Cute. Later he introduces 
another five-level organization scheme 
with white and gray houses, white and 
gray cubes and a screw, to show organiza- 
tional, system-level and component-level 
development. And there's a third scheme, 
based on colors: white, blue, indigo and 
black. Too much! 

What I particularly like about this 
book is that it's not theoretical in nature, 
it's pragmatic, as Cockburn's attempt to 
simplify matters with his various analo- 
gies demonstrates. He provides many 
examples of both casual use cases, ideal 
for a smaller development team or in- 
house projects, and "fully dressed" use 
cases, which follow a very rigid format 
and which can potentially be used for 
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contractual requirements documenta- 
tion. He even shows examples of use 
cases written by practitioners in the 
field— to demonstrate that there's a lot 
of latitude in the use-case format. 

A particularly well-done section is 
toward the middle of the book, where the 
author gets right into the action steps that 
make up an effective use case. 
Use simple grammar, he says. 
Show clearly which actor istaking 
the action— but write from a 
bird's-eye perspective, not from 
the vantage point of either the 
actor or the system. Show how 
the process moves forward. 
Demonstrate the actor's intent, 
not the specific movements. 
D on't become too bogged down in minu- 
tiae. Use the word "verifies" rather than 
"checks"— it's amazing the difference in 
understanding intent that this one word 
can make. And so on. 

A very short chapter, only 
two pages long, addresses a 
very key element of writing 
use cases: determining when 
all of the requirements have 
been captured. I 've seen situa- 
tions in which nobody wants to 
say, "Well, we're done." Cock- 
burn neatly lays out five tests that should 
help all parties know when the job is 
complete. N ice and simple. 

A lot of "Writing Effective Use Cas- 
es" is like that. Cockburn clearly prefers 




a prose treatment of use cases, but if you 
don't like to write prose, he shows dif- 
ferent tabular formats for capturing the 
same data. If you don't like bullet points, 
he shows how you can write use cases as 
a series of "if-then" statements, in the 
outline format used by the Rational Uni- 
fied Process or even in the Occum pro- 
gramming language. As long as the 
information is clearly and unambiguous- 
ly presented, there's more than one way 
to define requirements. 

I s the book perfect? Well, no. I n sub- 
tle ways, Cockburn varies what many 
developers will consider "canonical" use- 
case terminology. It's not always clear 
when what you're reading is according to 
J acobson, according to the U M L specifi- 
cation, according to generally accepted 
industry usage or according to Cockburn. 
D oes that make a difference? N ot really. 
Just bear in mind that Cockburn's first 
mission is to help businesses 
and developers write effective 
use cases, and that styles will 
vary from company to com- 
pany. As long as you don't view 
this book as a standards docu- 
ment, you'll find it to be well 
worth the money. I 

"Writing Effective Use Cases," Alistair 
Cockburn. Addison-Wesley, 2001. Trade 
paper, 270 pages, $34.95. 

Alan Zeichick is editor-in-chief of SD Times. 
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< continued from page 1 

consulting scientist at OMG 
member I onaTechnologies I nc, 
said the changing boundaries of 
component interaction require 
an architecture that allows 
enterprises to preserve the 
investments made in software 



development after platforms 
and boundaries shift. "If you 
hard-wire technologies into 
components, you can get stuck 
when the technologies change," 
he said. F or that reason, F rankel 
added, it is important for appli- 
cation development teams to 
come up with models that are 
platform independent. As exam- 



ples, F rankel cited the evolution 
of M icrosoft Transaction Server 
(MTS) to COM +, and changes 
in the EJB specification be- 
tween versions 1.1 and 2.0. 

M D A, Soley said, is built on 
CORBA and UML, and all 
processes will use existing open 
standards. There are currently 
99 separate standards and 



processes underlying M DA, he 
said, including OMG's M eta- 
Object Facility (MOF); XML 
M eta-D ata I nterchange (XM I ), 
which allows for the transfer of 
object models and meta-models 
through standard XML Docu- 
mentation Type Definitions 
(DTDs); and Common Ware- 
house Metadata (CWM) inter- 
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change, for database schemas 
and data warehousing. 

MDA advocates say that 
there are numerous advantages 
to using U M L to create models 
that are independent of the 
middleware implementation, 
and mapping the model to the 
specific platform on which it is 
to be deployed. Among these 
are cross-platform interoper- 
ability, increased reuse of the 
design and implementation, 
and reduced cost of application 
development and management. 

"Real organizations have to 
use multiple middlewares," said 
Andrew Watson, vice president 
and technical director at OMG 
(www.omg.org). "The idea is that 
[M DA] is not exclusive of any- 
thing." Mapping UML to stan- 
dard technologies such as XM L 
and CORBA is pretty straight- 
forward, according to Watson— 
in fact, UML mapping for XM L 
is commercially available today, 
he said. However, mapping to 
proprietary technologies will 
present a challenge if the infor- 
mation is closely held, he said. As 
for mapping to M icrosoft's .NET 
platform, Watson said OMG will 
make a decision based on popu- 
larity and demand. "If there's 
demand as it materializes and we 
can get a reading on how impor- 
tant it'll be to real organizations, 
we'll channel our resources 
accordingly," Watson said. 

Watson believes the architec- 
ture will be particularly useful 
for the maintenance of XML 
DTDs. Watson added that using 
MDA will enable enterprises to 
see how the modeling process 
and business functions relate to 
each other in a platform-neutral 
way, allowing each to change 
and evolve without a thought to 
how either will be deployed. I 
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< continued from page 1 

Meanwhile, WebLogic En- 
terprise 6.0 combines WebLogic 
Server 6.0 and Tuxedo 8.0 to 
provide both a comprehensive 
J 2EE -compliant and a non-Java 
environment for developing 
applications in Java as well as in 
COBOL, C and C++. "This 
application server is for large- 
scale business-critical applica- 
tions, not simply for department 
applications that M icrosoft pro- 
vides servers to," Kiger said. 

Both servers will be available 
in July. The Tuxedo Transaction 
Application Server is $575 per 
concurrent user. Pricing for the 
WebLogic Enterprise Server 
was unavailable at press time. I 
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< continued from page 37 

put, the excitement and free 
nature of open-source operating 
systems have energized our 
team. We no longer hear, "Win- 
dows NT can't do that, sorry." 
N ow we hear, "Well, it doesn't do 
that now, but let's make it start." 
This is a serious culture change, 
and a beneficial one. 

He said that the jury's still 
out on the issue of productivity 
gain. This is hard to say so 
clearly. True open-source pro- 
jects tend to be done when they 
are done. pen sourcing a com- 
pany's internal app may not gain 
it anything at all. The gain is 
when other developers and 
companies want to join in with 
the project. W hen this happens, 
the benefits are amazing. The 
productivity of a single develop- 
er might not go up, but the pro- 
ject would usually be done in 
less time and with less cost than 
a single company would have 
been able to do. 

Dan Kuykendall 

phpGroupWare Project Leader 

OGS Project Leader 

FortisUSA 

I first encountered Linux in 
1995, when I worked for a SCO 
VAR. SCO had doubled their 
prices, changed their licensing 
model, discontinued products 
that we depended upon for our 
business and otherwise screwed 
us over. Linux represented an 
opportunity to take back con- 
trol of our business. Besides, it 
ran our SCO software faster 
than SCO Unixdid. 

Price wasn't really an issue 
for us. Control was. My boss 
swore that he would never put 
our company at the mercy of 
somebody else ever again. 

Eric Lee Green 

Software Engineer 

Enhanced Software 

Technologies Inc. 

J.D. Hildebrand wrote, "Ray- 
mond's arguments were more 
convincing when open-source 
projects were being updated at 
a brisk clip. But now everyone 
knows that version 2.4 of the 
Linux kernel was delivered 
more than a year behind sched- 
ule. Somehow, the vast power 
of thousands of programmers 
did not come together to deliv- 
er the kernel update in a week- 
end as Raymond seems to say it 
should have." 

The 2.0 and 2.2 kernels were 
just as late. Linus [Torvalds] 
gave the guideline (not a dead- 



line, as in proprietary systems) 
because he didn't want to drag 
out 2.4 the way he did 2.2. 2.2 
hit the street l l h years after he 
said he would like to see it done. 

The culprit on all three was 
feature creep: Linus' unwilling- 
ness to say "E nough!" to all the 
nifty new things people like to 
code into each kernel. In terms 
of lines per day, the 2.4 project 
was the most productive and 
fastest development cycle yet. It 
was a remarkable achievement. 
Meanwhile, 2.2.19, for those 
who prefer maturity over new 
stuff, is out now, and 2.0.39, for 
those who just plain don't want 
to put their companies through 
the changeover, is about a month 
old. Those who maintain 2.0 
have finally told us this will be 
the last of that branch. 

Other projects, like Samba, 
Apache, GNOME, KDE and 
the rest are experiencing un- 
precedented growth. What you 
could have mentioned is an issue 
we have all seen and is worri- 
some, that free and open-source 
development lags as the projects 
leave the infrastructure. I believe 
it happens because a relatively 
smaller number of application- 
type users are also programmers. 
The office suites, personal finan- 
cial software, games, etc., are 
slower going. To me this is where 
the copyleft idea breaks down, 
and more than one of us would 
like to see proprietary software 
fill the gap in applications. 

Tim Hanson 

L inux 2.4 wasn't really delivered 
behind schedule. Linus [Tor- 
valds] has been slightly bashed 
in the press lately because of 
a perceived delay. The truth is 
that Linux 2.4 never had a 
schedule as companies and 
management typically think of it 
(despite the offhand remark 
Linus made that everybody 
seems to want to hold him to). A 
schedule seems most often 
defined by either cost concerns 
(e.g., fixed cost bid) or time-to- 
market or some other analysis 
that has nothing to do with the 
actual work that will be done to 
complete the project. Neither 
methods of schedule are accu- 
rate or usually even reasonable. 
These forced schedules typi- 
cally mean that software is deliv- 
ered buggy and incomplete and 
tend to leave a wake of weary 
and cynical software developers. 
Linux and most other open- 
source projects typically take the 
approach that they have a prob- 
lem they are trying to solve and a 
set of features they would like to 



see. The project then moves for- 
ward toward those goals and only 
"ships" the software when the 
people involved feel it is good 
enough to place into a mainte- 
nance mode. I've personally 
found that a stable version of an 
open-source program is much 
less buggy and much more com- 
plete than an equivalent com- 
mercial program (except for 
rather trivial programs where 
open source and commercial 
tend to have about the same 
quality). This more than makes 
up for any perceived lateness 
since software that is forced to 
be on schedule simply means 
that it doesn't yet work and so 
isn't really on time anyway. 
Charles Stanhope 

IT'S ALL OUR FAULT 

I n response to the editorial "The 
Price of Vaporware" in the F eb. 
1 edition of SD Times (page 32), 
I 'd like to offer another point of 
view: Predicting when a particu- 
lar software project will be 
released is approximately as sci- 
entific as predicting the weather 
in advance for publication in the 
Farmers' Almanac. 

That said, the real problem is 
not the people at M icrosoft or 
any other company giving insane 
deadline predictions to the 
press. The problem is that the 
media swallows these ludicrous 
claims up like chocolate and 
splatters them all over the head- 
lines creating unreasonable 
expectations in the minds of end 
users. Now, I'm no journalism 
major, but I did hear a few times 
that a responsible journalist 
doesn't publish a word without 
having some factual basis. I n this 
case, the factual basis amounts 
to "some marketing wonk at 
Microsoft said so!" These days 
it's apparently fine to publish any 
old ludicrous claim without any 
facts to back it up. 

On top of that, the end users 
themselves constantly demand 
to know the unknowable, there- 
by creating the necessity for 
companies to announce as early 
as possible what software they 
will be releasing and when. 
Thus, users create the need for 
the very thing that frustrates 
them so much! 

If your next-door neighbor 
threw a hissy fit because the 
F armers' Almanac had predicted 
sunshine on J uly 4 and it turned 
out to be a rainy day, you would 
call the guys with the little white 
coats. Why can't people realize 
this really isn't any different? 

John Viele 

Solution 6 
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< continued from page 7 

ports most of the commonly used Cold Fusion Markup Language 
tags in addition to CFML's complete expression language . . . Rational 
Software Corp.'s new ContentStudio combines its ClearCase software 
configuration management software with Vignette Corp.'s Content 
Management Server to help development teams manage both 
code and content in a common repository . . . Abriasoft has released 
the Apache-based Lancelot Web server for Linux and Windows. 
v qu Lancelot supports security protocols such as SSL 

versions 2.0 and 3.0, and Transport Layer 
Security version 1.0, in addition to Microsoft Front- 
Page extensions . . . Pragmatic Software Co.'s 
Software Planner version 1.3 tracks contacts with detailed 
notes regarding conversations; imports functional specifications 
and defects to allow movement of data from one project to another; 
stores notes in many areas of an application; shows the number of 
files attached to a defect and the number of notes stored for 
the defect; sets system options; and creates project-level bulletin 
boards. A subscription-based product, Software Planner costs $299 
per month . . . Microsoft Corp.'s Visio 2002 beta is available at 
http://microsoft.order-1.com/visiobeta. In addition, Microsoft has 
released the Microsoft Office XP Developers Guide, which offers 
advanced API-level programming for creating and integrating applica- 
tions with Office XP; the guide is available at http://mspress 
.microsoft.com/copyright/request.asp. 
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Scott Trappe has been named Reasoning Inc.'s CEO. Previously, he 
was the company's COO. Reasoning also named Bill Leavy as vice 
president of marketing . . . SpiritSoft, developer of Java integration 
technology, has named Paul Chambers as vice president of profes- 
sional services worldwide . . . Ann Palmer has been cho- 
sen as Nimble Technology Inc.'s new vice president of 
technology. Previously, she was co-founder of Oralis.com 
. . . D.R. Koski has joined Gatespace AB, a provider of 
open-standards-based distributed service platforms, as 
vice president of business development . . . eDevice Inc., PALMER 
which provides embedded tools for connecting non-PC devices and 
appliances to the Web, has named Geoff Allan as its new CFO. Allan 
will be responsible for raising additional funding . . . John Fletcher has 
joined Aprilis Inc.'s board of directors. Fletcher is CEO of Fletcher 
Spaght Inc., a management consulting firm. I 
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Growth, Performance and Strength 
converge in Grand Rapids, Michigan 
where a diverse, dynamic and 
technologically advanced economy 
combines with affordable living, 
friendly communities and the 
lifestyle options you desire. Here 
creative ideas, career challenge and 
advanced solutions are built on our 
$2 billion plus leadership in food 
service distribution. 



At GFS, we fulfill our mission of providing the highest quality 
products and services by implementing dynamic and innovative 
software, middleware and hardware technologies. Now, we're 
looking for IS professionals with the following skills to join us: 



J2EE 


• JAVA 


• JMS MQSeries 


WebLogic 


• XML, HTML 


• Business Objects 


Manugistics 


• Constellar 


• PMI 


VPN 


• UNIX Sun Solaris 


• Oracle 


C/C++ 


• VB 


• Lawson 


Progress 







For immediate consideration, send your resume and salary 

requirements to: Gordon Food Service, 

P.O. Box 2066, Grand Rapids, Ml 

49501; fax: 616-717-9075; email: 

mperszyk@gfs.com. Visit us on the 

Web for detailed job descriptions at: 

www.gfs.com. We value workforce 

diversity. 
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PURE-PLAY SUCCESS DEPENDS ON THE BUSINESS 



The shoulders of the information 
superhighway are littered with the 
burned-out hulks of failed dot-com 
companies, which spontaneously com- 
busted when the spark of an idea 
touched off the fuel of capital. They 
believed the adage that you must 
spend money to make money— enthu- 
siastically embracing the former while 
having no clue as to the latter. 

M eanwhile, for the past year, 
Dave Garrett has steered 
Gantthead.com straight down 
the center lane, never maxing 
out the speedometer and always 
having money for the tolls. 
While the rest of the world tries 
to figure out how dot-coms fit 
into the larger business land- 
scape, Garrett has grown the 
pure-play Gantthead into what he claims 
is the leading portal for the project man- 
agement community. And, perhaps most 
astonishingly, Garrett said Gantthead 
turned a profit after 10 months. 

And, where companies once wore 
their dot-com tags with great pride, as 
if they truly were pioneers creating a 
"new" economy, many are dropping the 
suffix from their identities, as if that 
alone can shield the fact they still have 
no proven business model upon which 
to base their hopes for success. U nfor- 
tunately, as quickly as dot-coms became 
the darlings of the investment commu- 
nity, that is how fast they have fallen 
almost completely out of vogue, with 
virtually no money flowing into them 
from the market or private investors. 

"Everyone says, 'We're not a pure- 
play dot-com.' They're a services com- 
pany, or a consulting company," Gar- 
rett said. "It's fashionable now to say 
you can't make money as a dot-com. 
But it depends on the business." 



MONEY 
WATCH 




DAVID 
RUBINSTEIN 



H e is not some wild-eyed 20-something 
jamming on 10 supercaffeinated double 
espressos, distracted by the professional 
sports franchise he purchased with the 
second-round capitalization from a VC 
who still can't quite get a handle on how 
money will be made but thinks the idea 
remains sound. H e took lessons learned 
at James Martin and Co. and applied 
them to a broader market of IT man- 
agers. "We always approached it 
from a product orientation, as if 
we were starting a product busi- 
ness," Garrett said. "We didn't 
just start a community to see if 
anyone would come. Our con- 
tent was developed over a 20- 
year period." 

Garrett said that a third of 
Gantthead's revenues come 
from product sales, a little less than 
another third from on-site consulting, 
and the remainder from more tradi- 
tional dot-com streams— banner adver- 
tising, pay for premium content and 
subscriptions. For broader growth to 
occur in the world of Web business, he 
said, it will be important for entrepre- 
neurs, the public and investors to peel 
off the dot-com label and examine 
what a business offers, what it believes 
it realistically can achieve. 

"Once we get past looking at busi- 
nesses as dot-coms and judge them on 
merit, you'll see a change," Garrett said. 
"Web sites that offer subscriptions for 
content... if they weren't online, they'd 
be called magazines," he said. "Ama- 
zon.com would be a retailer." In fact, 
Garrett believes that many companies 
have been hurt by being painted with 
the same broad dot-com brush as those 
companies with no real business plan. 
Of course, no one was complaining 
when dot-coms were the rage and I POs 



Garrett, of course, had an advantage, blazed through the financial firmament. 



To be sure, other dot-coms have had 
similar success in the software-develop- 
ment and project-management space. 
HotDispatch has built a following 
among IT shops and individual devel- 
opers, acting as a matchmaker for soft- 
ware projects. The company also added 
a retail arm, where project managers 
and developers can buy handcrafted 
pieces of software from virtual store- 
fronts. And there are virtual component 
vendors and resource sites that are not 
only making a go of it, but expanding 
their partnerships and raising their visi- 
bility and profitability in tangible ways. 

These companies all have several 
things in common. First, they have 
diversified: Not only do they offer ser- 
vices at their Web site, but there is an 
underlying product base that drives rev- 
enue. It's the portal sites, with no prod- 
uct other than content and no revenue 
stream other than banner advertising 
and subscriptions, that are falling by the 
wayside. The troubles of Yahoo, 
TheStreet and Go have been well docu- 
mented, and each still is grappling with 
ways to reverse their fortunes. 

Yet one thing these sites have man- 
aged to do is blaze new technological 
ground, and that is an advantage not to 
be shrugged off. Whether it's the one- 
click technology of Amazon (that 
patent is being challenged), or the 
peer-to-peer technology raised to new 
heights by N apster, or the collaborative 
development and clearinghouse sites 
mentioned earlier, dot-coms are taking 
risks that large corporations often will 
not. And if the technology proves suc- 
cessful, there's always the chance of 
being swallowed whole, with a nice 
windfall attached. 

So in that regard, there's always the 
chance for a dot-com to find success. As 
G arrett said, it depends on the business. I 

David Rubinstein is executive editor of 
SD Times. 
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Developers of wireless applications are 
more likely to write to Java and J2ME plat- 
forms, according to a survey of more than 
500 developers active in wireless devel- 
opment. Almost one-third of those polled 
said they would write to Java and J2ME. 
Next were the Palm OS at 24.5 percent and 
Windows CE at 22.3 percent. 

The survey also shows there is a heav- 
ier concentration of Java users among 
wireless developers than in the general 
development population. 
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As part of TogetherSoft Corp.'s strategy to come 
out of what president and CEO Peter Coad has called 
"stealth mode," the company has secured a $20 mil- 
lion round of financing from TA Associates, a private 
equity investment firm based in Boston. Coad said 
the funds will be used to accelerate new product 
development as the company seeks to become "a 
leader in the adaptive business-process automation 
field" ... The board of directors of Sun Microsys- 
tems Inc. apparently does not believe the company's 
falling stock price is indicative of its future, and has 
authorized a stock repurchase program for up to 
$1.5 billion in outstanding shares. Sun made the 
announcement just days before its stock price hit a 
52-week low of $19,625 on March 1. There were 3.26 
billion shares outstanding as of Jan. 31 . . . Undaunt- 
ed by the huge loss of valuation of the Nasdaq stock 
market, WebGain Inc. has announced plans to go 
public with an initial public offering of common stock. 
The IPO will be led by Lehman Brothers Inc. . . . 
WebPutty Inc., a Web application development and 
execution company, has secured $22.5 million in a 
third round of venture capital financing. Bain Capital 
Ventures is the lead investor, bringing the total 
amount of money raised by WebPutty to about $30 
million since it started its business in 1997. 1 



.CALENDAR OF EVENTS 



ApacheCon April 4-6 

Santa Clara Convention Center, CA 
CAMELOT COMMUNICATIONS CORP. 
www.apachecon.com 

XML DevCon Spring April 8-11 

New York Marriott Marquis, NY 
CAMELOT COMMUNICATIONS CORP. 
www.xmldevcon2001.com 

SD 2001 West April 8-12 

San Jose Convention Center, CA 
CMP MEDIA INC. 
www.sdexpo.com 

Embedded Systems April 9-13 

Conference 

Moscone Center, San Francisco, CA 
CMP MEDIA INC. 
www.esconline.com/sf 

Embedded Internet April 14-16 
Conference 

Santa Clara Convention Center, CA 
INTERNATIONAL DATA CORP. 
www.embeddedinternet.com 

Strategic IT Staffing April 30-May 1 
Conference & Expo 

Chicago Hilton, IL 
INTERMEDIA GROUP INC. 

www.intmedgrp.com/sitss/sits01ch/overview.html 



Session Initiation 
Protocol Summit 2001 

Omni Hotel, Richardson, TX 

PULVER.COM 

www.pulver.com/sip2001 



May 1-2 



Enterprise Linux May 13-17 

Implementation Conference 

Doubletree Hotel, San Jose, CA 
101 COMMUNICATIONS LLC 
www.elxi.com 

Information is subject to change. 
Send news about upcoming events to 
events@sdtimes.com. 
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